
sidpalas

How to Properly Manage Application Secrets (From Beginner to Expert!) 🔐

Where do you fall on the scale? Are there any levels I missed?

  • Level -2: No authentication at all
  • Level -1: Every password = "password"
  • Level 0: Hardcode secrets everywhere in the source
  • Level +1: Move secrets into a config file (and add it to .gitignore)
  • Level +2: Encrypt the config file (the decryption key then has to live somewhere other than the repo)
  • Level +3: Use a secret manager (e.g. AWS Secrets Manager) and fetch secrets at runtime
  • Level +4: Dynamic, ephemeral credentials with a TTL (using a tool like HashiCorp Vault)
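Two of the levels above can be turned into checks you run locally. As an added example (not code from the original post), the block below implements a crude Level 0 detector that flags string literals assigned to password/secret-looking names, and a Level +1 loader that refuses to read a secrets file other local users can access and confirms the file name is listed in .gitignore. The regex, the file names and the constructed sample source are assumptions for illustration; the permission check assumes POSIX mode bits, and a real scanner (gitleaks, detect-secrets) also uses entropy and provider-specific patterns.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Level 0 check: a literal string assigned to a secret-looking name.
# Hypothetical pattern for illustration; real tools match far more.
_SECRET_ASSIGN = re.compile(
    r"(?i)\b(password|passwd|pwd|secret|api[_-]?key|token)\b"
    r"\s*[:=]\s*['\"]([^'\"]{4,})['\"]"
)


def find_hardcoded_secrets(source: str) -> list[tuple[int, str]]:
    """Return (line_number, variable_name) for each literal secret assignment."""
    hits = []
    for n, line in enumerate(source.splitlines(), start=1):
        m = _SECRET_ASSIGN.search(line)
        if m:
            hits.append((n, m.group(1)))
    return hits


def is_gitignored(repo_root: Path, rel_name: str) -> bool:
    """Naive .gitignore check: exact-line match of the file name (no globbing)."""
    gi = repo_root / ".gitignore"
    if not gi.is_file():
        return False
    entries = {
        ln.strip().lstrip("/")
        for ln in gi.read_text().splitlines()
        if ln.strip() and not ln.lstrip().startswith("#")
    }
    return rel_name in entries


def load_secrets_file(path: Path) -> dict:
    """Level +1 loader: refuse a secrets file that is group- or world-accessible."""
    mode = path.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path} is mode {oct(mode & 0o777)}; run chmod 600 on it"
        )
    with path.open() as f:
        return json.load(f)


def demo() -> dict:
    """Constructed scenario run in a temp dir; returns the outcome of each check."""
    results = {}
    # Level 0: a secret baked into the source (constructed sample line).
    level0_source = 'db = connect(host="db", user="app", password="hunter22")\n'
    results["level0_hits"] = find_hardcoded_secrets(level0_source)

    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / ".gitignore").write_text("# local config\n/secrets.json\n")
        secrets = root / "secrets.json"
        secrets.write_text(json.dumps({"db_password": "hunter22"}))

        # World-readable file: the loader must reject it.
        os.chmod(secrets, 0o644)
        try:
            load_secrets_file(secrets)
            results["world_readable_rejected"] = False
        except PermissionError:
            results["world_readable_rejected"] = True

        # Owner-only file: the loader accepts it.
        os.chmod(secrets, 0o600)
        results["loaded"] = load_secrets_file(secrets)
        results["gitignored"] = is_gitignored(root, "secrets.json")
    return results


if __name__ == "__main__":
    print(demo())
```

Run it as a script to see the four outcomes; `find_hardcoded_secrets` can be dropped into a pre-commit hook over staged files, and `load_secrets_file` is the shape of a startup check that fails fast instead of silently reading a file someone left at 0644.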

Discussion (1)

sidpalas (Author):

For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!