Ask HN: What are the best practices for storing API keys?

7 pointsby loourralmost 10 years ago

If I have a web service which uses other 3rd party API and I want to store the keys securely, what are the best practices around that?<p>I've looked at vault (https://hashicorp.com/blog/vault.html) which seems ideal but still in production.<p>Also AWS's Key Management system (KMS)(https://aws.amazon.com/kms/) seems promising but only provides ways to store native AWS keys. Would I then create a database which held the keys encrypted using KMS keys and SQL access keys?

2 comments

SEJeffalmost 10 years ago

Another option, which is used in production by cloudflare:<p><a href="https://github.com/cloudflare/redoctober" rel="nofollow">https://github.com/cloudflare/redoctober</a>

评论 #9614167 未加载

hoarealmost 10 years ago

about how many api keys are we talking? im using enviroment variables for the job. Might not be manageable if you have many keys though

评论 #9614111 未加载