As developers or dev-teams we use environment configs and secrets in our day-to-day development processes during these activities we tend to discover cases of these configs and secrets being leaked to third-party applications or the general public in this article you would learn possible ways you can manage your environment configs and secrets.
What are environment configurations?
Environment configurations are referred to as the dependencies required by software or system to run successfully during development up to production. Environment configurations can also be called the runtime dependencies of an application because they are required for software and system to run successfully.
What are dependencies?
Dependencies can be described as a scenario whereby a piece of software is dependent on another software to run, in terms of environment configurations and secrets the software depends on the environment configurations and secrets to run successfully and carry out tasks.
How can you manage these environment configs and secret securely?
1. Making use of ENV files
ENV files are popularly used for storing configurations and secrets during development the twelve-factor app manifesto recommends that you pass application configs as ENV variables here is a detailed article that talks more about using ENV files.
What is an env file?
A .env file or dotenv file is a simple text configuration file for controlling or storing your application's environment configs and secrets.
HEROKU_ID=1kge132dg6ddvdf8dvdfdb
NODE_ENV=development
POSTGRES_ID=hwr1516b24282f2627237
Using dotenv file could be a great choice for a single developer but they are downsides when you are building with larger teams a secret manager is needed to make sharing configs across teammates secure and effective.
2. Making use of configs and secret management tools
Secret management tools( Secret managers) are widely adopted by dev teams and are recommended to developers that want to manage configs and secrets securely and collaboratively.
What are secret managers?
Secret Managers are secure and convenient storage systems for configurations and secrets (API keys, passwords, and other sensitive data). Secret Managers provide a central place and single source of truth to manage access, and audit secrets and configurations.
Which secret manager would I recommend to developers?
After using different secret managers I concluded that onboardbase is more of a developer-focused secret manager and can be integrated into and development framework, language, cloud service, CI/CD tools(AWS, python, JavaScript, React, and more).
with onboardbase, you can perform all SecOps operations which make developments secure and collaborative.
Do more with with Onboardbase
Onboardbase is an app secret manager designed for developers to secure any development key in any workflow. A protected dashboard accessible from any terminal centralizes your app configurations, and a CLI easily integrates your secrets in all your git projects. You can get started for free in a minute without disrupting your current development workflow, it’s that simple!