Romper
Reputation: 2259
Securing application passwords
What are best practices in securing passwords that are using in application? For example password for database and other services.
- plain text password in VCS
- crypted password in VCS, provide decrypting key on application launch
- a tool for securely managing secrets, like Vault
- ???
Upvotes: 0
Views: 117
Answers (1)
Sergey Alaev
Reputation: 3972
It all comes down to two options:
- configure application with passwords on deployment. E.g. properties file, command-line parameters or env variables
- pull passwords from secure password repository
And one rule:
Accessing production passwords should require the same privileges as modifying production application that uses that passwords. E.g. passwords should be available only to application and deployment script of that application.
Details really depend on your infrastructure and requirements.
Upvotes: 2
Related Questions
- Storing passwords safely in a database
- Safe storing/creating passwords
- How to manage passwords in application configuration
- Basic secure user password storage workflow
- Password Storage and Secure Password Transfer
- How to manage passwords in web applications?
- How to set up a web-based password database
- How to secure passwords in the Software Development?
- Dealing with passwords securely
- saving passwords inside your application code