Reputation: 1281
Where to put oAuth app secrets
I'm developing a web app which authenticates against a 3rd party service using oAuth. The 3rd party supplied me with an app secret and an app id.
The app code is supposed to live on github. Now, I don't want to push my app id and secret to github. The app itself is supposed to be deployed on either AWS or OpenShift.
What options do these (and other) cloud computing providers offer to store credentials like that? What other options are there?
I expected them to have like a secret store, and an API to access that store from my app's code, but I wasn't able to find anything.
Upvotes: 2
Views: 1656
Answers (1)
Reputation: 4002
One of the most common options is to use environment variables (see Openshift env vars) which you can then access within your application.
Another option is to have your config file (where you are storing the private data) listed on .gitignore and manually set it only for your Openshift app.
Upvotes: 1
Related Questions
- Best practice AWS access key and secret for applications
- In AWS Lambda, where can I securely store API Credentials?
- Best practice for storing external API secrets in server using AWS?
- Where to store AWS credentials in ECS service
- Storing secrets and credentials inside of an Android App
- Where to keep private keys and credentials for a web app?
- Where is the most secured place to store Amazon AWS Id and secret key?
- How to manage application secrets in AWS?
- Right way to store sensitive credentials for web app
- Best Place to Store Included AWS Credentials in an iOS Application