November 11, 2020Categories:
TL;DR: If you develop web applications, inevitably you will have secrets (database credentials, 3rd party API keys, etc…) that you need to manage. I have seen a variety of approaches used here and wanted to walk through them, from least secure to most.
There are always trade-offs when writing software, and in this case the tradeoff is between convenience and security. The ideal solution will establish convenient developer workflows while also protecting user data.