(no title)
valrix
|
2 years ago
Nah, I keep them in an encrypted environment file that I have to unlock at server startup. I used GPG to encrypt with a key and use a long, complex password for unlock. To make it safer I should probably use a security key instead, or add 2FA before the password prompt to unlock. The guidelines are definitely correct about not using environment variables though, since they can stick around in logs and often stay in memory for the life of the program.
No comments yet.