2

There are these relevant questions questions:

But as far as I can tell, they deal with the opposite side of the problem. So yes, we've designed a good application that has no secrets stored in it or its repository. They either pull them from the environment variables or from files stored on the system. Great, awesome, secure, right?

But what about our secrets? Where do they come from? Do we store these in another vcs repository? Do they only exist in an encrypted database?

Obviously we want developers to have their own credential sets - but we're going to need to have credentials for our test/preprod/prod servers.

How do we keep those secure? Of course we want them accessible to the systems that need them...

Community
  • 1
Wayne Werner
  • 2,340
  • 2
  • 23
  • 23

2 Answers2

3

If you're asking how to manage your own keys then there are 2 places to store them:

For dev/test - you might as well put them in the SCM repo. Unless your repo is publicly accessible.

For production, you want to store them with a single point of authority, either somebody (with a deputy) who keeps the originals on a CD or USB drive in a firesafe or similar.

Copies of these can then be given to the relevant people who need to deploy them. So (eg) a DBA who creates the DB and sets up the user accounts associated with it will be given the passwords and accounts to use. This can be emailed to him, assuming you trust your email provider, or handed on a scrap of paper that is eaten immediately afterwards if you are really paranoid.

In many cases you don't need to be quite so secure - the DBA may create the passwords and user accounts to use himself, but he must them tell someone (preferably the contact who keeps this information) what they were in case of accident.

Otherwise, you use the OSs features to secure the details - either creating accounts using LDAP or AD, or putting certificate files into protected directories and ensuring they are secured so only the correct user accounts can access them.

gbjbaanb
  • 48,354
  • 6
  • 102
  • 172
  • 1
    As an addendum to this, you shouldn't ever have anyone hand out your master keys anywhere in your company. If they need to be used at all, they should be used to generate a new certificate or account that can be used for authorisation by proxy (not a web proxy...). So, you don't get access to root, but you get an account with the permissions you need to do your job, and you don't get the password to the root CA within your org, but you can get certs issued by the root CA rapidly that you can use to provide the appropriate credentials to services that use such a thing. – Software Engineer Nov 17 '15 at 17:25
0

Secrets such as credentials to a database should be kept in a local configuration file, either of your own making, or securely transmitted to you.

Robert Harvey
  • 198,589
  • 55
  • 464
  • 673