1·
11 months agoThat’s just as insecure lol, env vars are far better
sphericth0r
- 0 Posts
- 5 Comments
Joined 1 year ago
Cake day: June 17th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Even worse, they’ll claim it was a bug
Yeah, if you tend to use your servers for pretty vanilla uses you may not have encountered it much. Once you get into the deep end, it gets deep quick.
Once you have lived through library dependency hell, you care
It’s probably best to look at what the devops industry is embracing, environment variables are as secure as any of the alternatives but poor implementations will always introduce attack vectors. Secret management stores require you to authenticate, which requires you to store the credential for it somewhere - no matter what there’s no way to secure an insecure implementation of secrets access