DEV Community

sidpalas
sidpalas

Posted on

How to Properly Manage Application Secrets (From Beginner to Expert!) 🔐

#webdev #devops #security

Where do you fall on the scale? Are there any levels I missed?

  • Level -2: No authentication
  • Level -1: All passwords = "password"
  • Level 0: Hardcode everywhere
  • Level +1: Move secrets into a config file (and add to .gitignore)
  • Level +2: Encrypt config file
  • Level +3: Use secret manager (e.g. AWS Secrets Manager)
  • Level +4: Dynamic ephemeral credentials (using a tool like Hashicorp Vault)

Top comments (1)

Collapse
 
sidpalas profile image
sidpalas • Edited

For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!

Read next

soumayaerradi profile image

Angular Signals: From Zero to Hero

Soumaya Erradi -

hamzakhan profile image

🛠️ Battle of the Backend: Go vs Node.js vs Python – Which One Reigns Supreme in 2024? 🚀

Hamza Khan -

naymhdev profile image

Mastering Advanced TypeScript: A Deep Dive into Dynamic Types, Asynchronous Programming, and Utility Types

Naym Hossen -

balaharinath-dev profile image

From 2500 to Top 10! Our Team Advances to the Grand Finale of Tata InnoVent 2024!

Balaharinath C -