• Cassidy
    29 months ago

    What should you be doing with API keys?

    • @ExtraMedicated@lemmy.world
      39 months ago

      I guess it depends on who should have access to them, but at the company I work for, we keep all the private config files backed up in a secure place (local network server, encrypted cloud storage, whatever) and the config files are added to .gitignore. This is especially important for databases with personal info.

    • @pixxelkick@lemmy.world
      29 months ago

      We load all secrets in from an instance of HashiCorp Vault we have running.

      It’s a pretty easy API to use, has packages for most languages, has a solid docker image, and is compatible with pretty much every type of storage under the sun.

    • @CameronDev@programming.dev
      09 months ago

      I think, and I could be wrong, but you should be storing them in a password manager style service, and then have your application pull them out.

      Which is just committing the keys with extra steps I guess :/
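
The pattern the last two comments describe, an application pulling its API key from a secret store at startup rather than from a committed file, sketched against Vault's KV v2 HTTP read endpoint. This is an added example, not code from any commenter; the mount `secret`, the path `myapp/config`, the field `api_key` and the sample response are assumptions constructed for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

# Constructed sample of a KV v2 read response; the value is not a real key.
SAMPLE_RESPONSE = json.dumps({
    "data": {"data": {"api_key": "constructed-not-a-real-key"},
             "metadata": {"version": 1}}})


def build_request(addr, token, mount, path):
    """Build the KV v2 read request: GET <addr>/v1/<mount>/data/<path>."""
    parsed = urllib.parse.urlparse(addr)
    # The token is a bearer credential: only send it over TLS or to loopback.
    if parsed.scheme != "https" and parsed.hostname not in ("127.0.0.1", "localhost"):
        raise ValueError("refusing to send a Vault token over plaintext HTTP")
    url = "{}/v1/{}/data/{}".format(
        addr.rstrip("/"), urllib.parse.quote(mount), urllib.parse.quote(path))
    return urllib.request.Request(url, headers={"X-Vault-Token": token})


def extract_secret(body, key):
    """Return one field from a KV v2 response body ({"data": {"data": {...}}})."""
    doc = json.loads(body)
    fields = (doc.get("data") or {}).get("data") or {}
    if key not in fields:
        # Name the missing field only; never put secret values in errors or logs.
        raise KeyError("secret has no field {!r}".format(key))
    return fields[key]


def load_api_key(mount="secret", path="myapp/config", key="api_key"):
    """Fetch the key at startup. mount, path and key are assumed names."""
    # VAULT_ADDR / VAULT_TOKEN come from the process environment, not the repo.
    req = build_request(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"], mount, path)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return extract_secret(resp.read(), key)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; prints only the length.
    print(len(extract_secret(SAMPLE_RESPONSE, "api_key")))
```

The difference from committing the key is that the repository and its history hold only a path, while the token that can read that path is scoped by policy, can be revoked, and is supplied to the process at deploy time.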