user7314165

How to securely store JWT secrets/private keys in a Node.js application?

How to securely store JWT secrets/private keys in a Node.js application?

Use only native Node.js methods, or use a secret management service?

Upvotes: 0

Views: 1361

Answers (1)

Apoorva Chikara

Reputation: 8773

First of all, you don't need to store JWT tokens as they are not meant for storing. You can always validate if you have a secret key available using the JWT library that is being used.

Now, when you host your services, one way people generally access the secrets is through environment variables. However, they are visible to all who have access to the lambda/cloud functions or any specific services in the cloud.

process.env.VARIABLENAME

Secret managers are a great way to store your keys, passwords, or anything that seems sensitive. We are extensively using them wherever we see the use of passwords, usernames, DB connection strings, etc.

Use only native nodejs methods

Not sure what native methods you meant here? You can use an env file to keep things on servers, but it is only useful when you host them on servers or containers (never used them on lambdas).

Upvotes: 0
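
Both options discussed in the answer above end at the same place in the application: loading the key at startup. The following is an added example (not code from the question or the answer) that uses only Node's built-in `crypto` and `fs` modules; the names `JWT_SECRET` and `JWT_SECRET_FILE` and the 32-byte minimum are assumptions of the example.

```javascript
// Added example, not from the original post. JWT_SECRET and JWT_SECRET_FILE are
// assumed names; the *_FILE form models a file mounted by a secret manager.
const crypto = require('node:crypto');
const fs = require('node:fs');

// Load the HS256 key, preferring a mounted secret file over a plain env variable.
function loadJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET_FILE
    ? fs.readFileSync(env.JWT_SECRET_FILE, 'utf8').trim()
    : env.JWT_SECRET;
  // Fail closed: refuse to run with a missing or short key.
  if (!secret || Buffer.byteLength(secret) < 32) {
    throw new Error('JWT secret missing or shorter than 32 bytes');
  }
  return Buffer.from(secret);
}

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

function signJwt(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(key, `${head}.${body}`).toString('base64url')}`;
}

// Returns the payload, or null when the token is malformed, forged or expired.
function verifyJwt(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (!header || header.alg !== 'HS256') return null; // pin the algorithm
    const expected = hmac(key, `${head}.${body}`);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload.exp === 'number' && payload.exp < Date.now() / 1000) return null;
    return payload;
  } catch {
    return null;
  }
}
```

The secret is read once into memory and never logged or echoed in error messages; whichever store holds it, access to that store decides who can mint tokens.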
