sst.dev icon indicating copy to clipboard operation
sst.dev copied to clipboard
verified publisher icon sst

What is the safest place to put secret keys in the backend

Open SumayaG opened this issue 7 years ago • 2 comments

Hi,

I have a SECRET KEY for STRIPE that i have to use in the backend. This secret key should not be exposed to anyone. Where do you think would be the safest place to put this and how to do it.

Regards

SumayaG avatar Mar 09 '18 00:03 SumayaG

@SumayaG Yeah it definitely shouldn't be in your code. You could make it a part of your build service. Or use AWS SSM. Here is some more info on it https://hackernoon.com/you-should-use-ssm-parameter-store-over-lambda-env-variables-5197fc6ea45b

jayair avatar Mar 09 '18 20:03 jayair

@jayair Thanks, I'll look into AWS SSM.

SumayaG avatar Mar 10 '18 22:03 SumayaG