This repository has been archived by the owner on May 17, 2021. It is now read-only.
Investigate using Hashicorp Vault (or alternative) for secret management #53
Labels
question
Further information is requested
Comments
MacND
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Having API keys and database credentials in plaintext on a server is just bad, I want to get away from it. Using Vault (or alt.) would give audited, secured access to the important secrets used by the bot.
User Story
This would drastically improve security, and could be managed via configuration management like Ansible for the infrastructure. It also promotes best practices using a widely adopted, continuously developed tool that I'd be looking to learn anyway.
Gemalto (payment security) did a presentation on Vault with NodeJS, and T-Mobile have created their own version Vault for secret management too.
The text was updated successfully, but these errors were encountered: