How to Manage Application Secrets (7 Levels of Credential Management)
November 11, 2020
Categories: Tags:TL;DR: If you develop web applications, inevitably you will have secrets (database credentials, 3rd party API keys, etc…) that you need to manage. I have seen a variety of approaches used here and wanted to walk through them, from least secure to most.
There are always trade-offs when writing software, and in this case, the tradeoff is between convenience and security. The ideal solution will establish convenient developer workflows while also protecting user data.
![images/credential-management-meme.png](/posts/2020/11/credential-management/images/credential-management-meme_hu904d9e6de4caa7a0e56b8ca866e19471_478821_700x500_fit_q85_box_3.png)