How to handle Secrets in repositories is always an issue (Chicken or the egg).
There are several initiatives, however still I like to keep in a separate file that must be handled manually by sysadmin/devops:
https://security.web.cern.ch/security/recommendations/en/password_alternatives.shtml
https://coderwall.com/p/kucyaw/protect-secret-data-in-git-repo
https://www.vaultproject.io/
https://spring.io/blog/2016/06/24/managing-secrets-with-vault
https://github.com/stuinzuri/SimpleJavaKeyStore
Yet Another summary to solve this topic:
https://dev.to/bpedro/how-to-securely-store-api-keys-ab6
Nuevos Heroes
1 year ago
No comments :
Post a Comment