Security

How to Manage Application Secrets (7 Levels of Credential Management)

November 11, 2020
Categories: Tutorial
Tags: HashiCorp Vault, Security

TL;DR: If you develop web applications, inevitably you will have secrets (database credentials, third-party API keys, etc.) that you need to manage. I have seen a variety of approaches used here and wanted to walk through them, from least secure to most.

There are always trade-offs when writing software, and in this case, the trade-off is between convenience and security. The ideal solution will establish convenient developer workflows while also protecting user data.

...

© DevOps Directive 2023