Do not use secrets in environment variables


Stop storing secrets in environment variables. It's a bad practice and only fits hobby or side projects with no real business impact. Here are all the reasons why you should never store secrets in environment variables and how to do it better.

Difficult to change when compromised: Imagine there’s now a data breach, or one of your team members accidentally exposed an API token by publishing a GitHub repository as public or in an npm package they pushed to the registry. If you’re an enterprise or a startup that seeks growth, this lack of visibility makes it difficult to comply with security standards like SOC 2 or HIPAA, which require detailed audit trails for access to sensitive information. This data exposure can occur in unexpected error logs on the server, rich debug output, or crash reports from thrown exceptions, potentially revealing sensitive information to unauthorized users.
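The exposure path described above, a debug or crash handler that prints the process environment, shown as an added example that is not from the original article: it flags a report containing the verbatim value of a secret-looking variable and redacts such values in a logging filter. The name pattern, the sample environment and the token value are constructed assumptions.

```python
import logging
import re

# Assumption: variables whose names match this pattern hold secrets.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)
MIN_LEN = 8  # skip short values that would match ordinary text by accident

# Constructed sample environment; the token value is made up.
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "APP_ENV": "production",
    "PAYMENTS_API_TOKEN": "tok_constructed_0123456789abcdef",
}

def secret_items(env):
    """(name, value) pairs for variables that look like secrets."""
    return [(k, v) for k, v in env.items()
            if SECRET_NAME.search(k) and len(v) >= MIN_LEN]

def crash_report(env):
    """Mimics a 'rich debug output' handler that dumps the environment."""
    try:
        raise RuntimeError("upstream timeout")
    except RuntimeError as exc:
        return f"Unhandled {exc!r}\nenvironment: {env!r}"

def find_leaks(text, env):
    """Names of secret-looking variables whose value appears verbatim in text."""
    return sorted(k for k, v in secret_items(env) if v in text)

class RedactEnvSecrets(logging.Filter):
    """Replaces known secret values in log messages before handlers see them.
    Covers the formatted message only, not tracebacks attached via exc_info."""

    def __init__(self, env):
        super().__init__()
        # Longest first, so a value containing another is replaced whole.
        self._values = sorted({v for _, v in secret_items(env)}, key=len, reverse=True)

    def filter(self, record):
        msg = record.getMessage()
        for value in self._values:
            msg = msg.replace(value, "[REDACTED]")
        record.msg, record.args = msg, None
        return True

if __name__ == "__main__":
    print(find_leaks(crash_report(SAMPLE_ENV), SAMPLE_ENV))
```

Redaction of this kind only limits the damage after the fact; the value still sits in the environment of the process and of anything it spawns.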
