Where do you fall on the scale? Are there any levels I missed?
- Level -2: No authentication
- Level -1: All passwords = "password"
- Level 0: Hardcode everywhere
- Level +1: Move secrets into a config file (and add to .gitignore)
- Level +2: Encrypt config file
- Level +3: Use secret manager (e.g. AWS Secrets Manager)
- Level +4: Dynamic ephemeral credentials (using a tool like HashiCorp Vault)
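To make the bottom rungs of that ladder checkable, here is an added example (not from the original post): a Python check over a repository's working tree that reports hardcoded credential literals (Level 0, or Level -1 when the value is literally "password") and secrets files that .gitignore does not cover, which is the usual way a Level +1 setup quietly slides back to Level 0. The .gitignore matching is a simplified assumption (no negation, no `**`), and the file contents in the usage are constructed.

```python
"""Working-tree check for the bottom rungs of the secrets ladder.
Assumption: simplified .gitignore semantics (no negation, no '**')."""
import fnmatch
import re

# Credential-looking name assigned a non-empty string literal, e.g.
#   DB_PASSWORD = "hunter2"   or   api_key: 'abc'
HARDCODED = re.compile(
    r"""(?i)(password|passwd|secret|api_key|token)\s*[=:]\s*["']([^"']+)["']"""
)
# File names that conventionally hold secrets and must never be committed.
SECRET_FILES = (".env", "secrets.*", "*.pem", "*.key")


def gitignored(path, patterns):
    """True if a .gitignore line covers `path`. '/'-prefixed patterns are
    anchored at the repo root; others match the basename or the full path."""
    name = path.rsplit("/", 1)[-1]
    for pat in patterns:
        pat = pat.strip()
        if not pat or pat.startswith("#"):
            continue
        if pat.startswith("/"):
            if fnmatch.fnmatch(path, pat[1:]):
                return True
        elif fnmatch.fnmatch(name, pat) or fnmatch.fnmatch(path, pat):
            return True
    return False


def scan(files, gitignore):
    """files: {repo-relative path: text}. Returns (path, level, message) tuples."""
    patterns = gitignore.splitlines()
    findings = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        if any(fnmatch.fnmatch(name, p) for p in SECRET_FILES):
            if not gitignored(path, patterns):
                findings.append((path, 0, "secrets file not covered by .gitignore"))
            continue  # a secrets file is expected to contain secrets
        for m in HARDCODED.finditer(text):
            if m.group(2).lower() == "password":
                findings.append((path, -1, f"{m.group(1)} is literally 'password'"))
            else:
                findings.append((path, 0, f"hardcoded {m.group(1)} literal"))
    return findings


def lowest_level(files, gitignore):
    """Worst rung the tree falls to; 1 means it at least reaches Level +1
    (higher rungs depend on runtime behaviour, not on what is checked in)."""
    return min((lvl for _, lvl, _ in scan(files, gitignore)), default=1)
```

Run it in a pre-commit hook over the files about to be committed; a result below 1 means the commit would put the repository on Level 0 or worse.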
Top comments (1)
For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!