简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  Move hardcoded secrets to a Secrets Manager

Move hardcoded secrets to a Secrets Manager

Barbara Streisand
Barbara StreisandOriginal
2024-10-14 06:15:29457browse

Move hardcoded secrets to a Secrets Manager

A secrets manager is a tool for storing and managing your passwords, API keys, database credentials and other types of sensitive data your application requires.

Secrets hard-coded in application source codes or stored in plain text files for your codes to consume can be exploited by malicious entities who can inspect the applications or the components in your system. This risk can be mitigated with secrets managers.

dotenv-vault

dotenv-vault is one such secrets manager that provides a safer alternative to putting your secrets in code.

[!Note]
This is not a tutorial on using dotenv-vault. The aim of this document is to explain how a secret manager can help developers avoid hard-coding secrets or storing them in plain text files. You can learn how to get started with dotenv-vault here.

Let's say I have sensitive information about a particular character in the movie Star Wars: Episode V and I want my program to use that information.

def spoiler():
    spoiler = "Darth Vader is Luke Skywalker's father"
    return { "spoiler": spoiler }

Instead of hard-coding the information, I would write it as an environment variable in the .env file:

SPOILER="Darth Vader is Luke Skywalker's father"

With dotenv-vault, my program is able to access the sensitive information by using the environment variable.

import os
from dotenv_vault import load_dotenv

load_dotenv() # Take environment variables from .env

def spoiler():
    spoiler = os.getenv("SPOILER") # Get the secret
    return { "spoiler": spoiler }

Then I encrypt the environment variable by syncing the .env file. Once the syncing is completed, a data known as DOTENV_KEY can be generated. This output can be read by my program as an environment variable in production.

DOTENV_KEY='dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=production' python main.py

As a result, my production application is able to access the secret.

{ "spoiler": "Darth Vader is Luke Skywalker's father" }

Choose the right Secrets Manager for you

There is a variety of secrets management solutions available. Each secrets manager comes with its own set of pros and cons. Choose the option that best fits your organization's requirements.

List of alternative Secrets Managers:

  1. Infiscal
  2. Doppler
  3. HashiCorp Vault
  4. AWS Secrets Manager
  5. Azure Key Vault

The above is the detailed content of Move hardcoded secrets to a Secrets Manager. For more information, please follow other related articles on the PHP Chinese website!

for using this database azure Access
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Transform Your Text Analysis Journey: How KeyBERT is Changing the Game for Keyword Extraction!Next article:Transform Your Text Analysis Journey: How KeyBERT is Changing the Game for Keyword Extraction!

Related articles

See more