Deploying them as ENV values and reading from env is the best practice as far as... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ayi on Feb 25, 2022 \| parent \| context \| favorite \| on: Ask HN: Best practice for storing API keys securel... Deploying them as ENV values and reading from env is the best practice as far as I know. But "deploying" part depends on your infrastructure.

securityquest on Feb 25, 2022 [–]

Do you store them as plaintext in the backend db?

tedyoung on Feb 25, 2022 | [–]

Often keys are stored in some sort of secure Key Vault. This is part of the infrastructure, e.g., Azure Key Vault. Or something like https://www.vaultproject.io/docs/secrets

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact