Currently, an .env file is being used to store all the secrets of the application. However, it poses many secu

Question

Currently, an .env file is being used to store all the secrets of the application. However, it poses many security risks, from public exposure to rotational failure. To combat that issue, it is highly suggested to use a credential manager such as AWS Parameter Store or Google Secrets Manager to make sure that these secrets are never leaked or do not result in errors while rotating their values. These services are not expensive and should cost only a few single-digit dollars a month. This is highly recommended.

shyam · Accepted Answer

Currently, an .env file is being used to store all the secrets of the application. However, it poses many security risks, from public exposure to rotational failure. To combat that issue, it is highly suggested to use a credential manager such as AWS Parameter Store or Google Secrets Manager to make sure that these secrets are never leaked or do not result in errors while rotating their values. These services are not expensive and should cost only a few single-digit dollars a month. This is highly recommended.

Credentials Manager instead of ENV

Activity