Reputation: 73
How can I hide my api keys when deploying an app in a virtual machine on the cloud?
We are deploying our app in DigitalOcean and in order for our app to work we have a .env file which we fill with api secret keys for stuff like stripe, auth0, aws etc... I dont feel like this is safe enough though because many people have access to the virtual machine and can view those api keys. What is the best way to secure them ?
Upvotes: 0
Views: 268
Answers (2)
Reputation: 3173
You could use some kind of secret manager like https://cloud.google.com/secret-manager/docs/create-secret-quickstart.
You can track the access of the assets and give or remove access.
Upvotes: 0
Reputation: 943696
If people you do not trust have admin access to the machine, then you can not trust the machine with secrets.
Use a different machine which only trusted people have admin access to.
Upvotes: 2
Related Questions
- How do I use my api keys in vercel deployment but hide it from github?
- How to hide secrete keys in apis
- How to hide an API key when deploying a website to Netlify
- Where to "hide" an API key
- How to hide API keys and secrets in React JS app deployed on Docker
- How to hide client side api keys?
- Hiding API keys in JS setup
- How to hide/secure API keys in an Angular 2 client side application?
- Protecting API Key in a JS application
- Hide secret key in public repository