
Secrets don’t belong in environment variables either. Place them in a vault and grant specific processes/identities permission to read and decrypt them.

Env vars are prone to leaking and best practice moves the goalposts further. Devs love to dump envs to log files, child processes inherit them, admins can very easily sniff them.
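The inheritance and log-dump leaks named in the comment above, with the containment for each, as an added example that is not part of the thread. The variable name `DB_PASSWORD`, the name-matching heuristic, and the 0600 file standing in for a vault read are assumptions made for illustration.

```python
import os, re, stat, subprocess, sys, tempfile

SECRET_NAME = "DB_PASSWORD"  # hypothetical variable name
SECRET_HINT = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.I)  # constructed heuristic

def child_env_names(env):
    """Spawn a child process and return the variable names it inherited."""
    out = subprocess.run(
        [sys.executable, "-c", "import os\nfor k in os.environ: print(k)"],
        env=env, capture_output=True, text=True, check=True).stdout
    return set(out.splitlines())

def scrub(env):
    """Copy of env without secret-looking names, for handing to children."""
    return {k: v for k, v in env.items() if not SECRET_HINT.search(k)}

def redact(env):
    """Copy of env with secret-looking values masked, safe to log."""
    return {k: ("***" if SECRET_HINT.search(k) else v) for k, v in env.items()}

def read_secret_file(path):
    """Stand-in for a vault read: refuse files open to group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(mode)}, expected 0600")
    with open(path) as f:
        return f.read().strip()

def demo():
    env = dict(os.environ, **{SECRET_NAME: "constructed-sample-value"})
    leaked = SECRET_NAME in child_env_names(env)  # default inheritance
    contained = SECRET_NAME not in child_env_names(scrub(env))
    logged = redact(env)[SECRET_NAME]
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write("constructed-sample-value\n")
        from_file = read_secret_file(path)
        os.chmod(path, 0o644)  # loosen permissions: the read must now fail
        try:
            read_secret_file(path)
            refused = False
        except PermissionError:
            refused = True
    finally:
        os.unlink(path)
    return leaked, contained, logged, from_file, refused

if __name__ == "__main__":
    print(demo())
```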




All solutions inevitably evolve as "add another layer of indirection / abstraction".

There are costs associated with adding an additional layer, with regard to the maintenance of such a layer.

The easiest way to bring down your entire distributed infrastructure and cause a large-scale outage is when your vault is down...



