You need to protect those secrets, and that isn't covered here. Encryption should be applied to the file contents, and restrictive ACLs should be applied to the file itself.
Some observations: - The value of __name__ should not be use to determine environments - To choose between environments, an additional environment variable called "environment" could be used, with a default value of "dev" to avoid errors - Having multiple .envs in local could make sense but only as an edge case, production credentials should not be in ANY local machine - If Python-dotenv is going to be a dependency, considered using tools like PDM, Poetry or Pipenv to make sure dependencies are locked
So if the secrets aren't in git, how can other collaborators use the secrets if they pick up a story that uses this code or how do testers test this code if they can't access the secrets?
Each production environment is different but they will all have the ability to inject the secrets as environment variables which will be stored in local memory that can't be obtained by a malicious user.
You need to protect those secrets, and that isn't covered here. Encryption should be applied to the file contents, and restrictive ACLs should be applied to the file itself.
Could you recommend a tutorial that covers that part?
Thank you so much , u r awesome
Thanks for the feedback!!!
Bro I am seeing this video on a Tuesday coincidentally
Some observations:
- The value of __name__ should not be use to determine environments
- To choose between environments, an additional environment variable called "environment" could be used, with a default value of "dev" to avoid errors
- Having multiple .envs in local could make sense but only as an edge case, production credentials should not be in ANY local machine
- If Python-dotenv is going to be a dependency, considered using tools like PDM, Poetry or Pipenv to make sure dependencies are locked
if i put .env or separate file to save secrets in my working server, how I protect it from outside hacker?
did you find the answer?
So if the secrets aren't in git, how can other collaborators use the secrets if they pick up a story that uses this code or how do testers test this code if they can't access the secrets?
Secret Manager
Uhm how to put them in a prod server, the secrets should not be in the server right
Each production environment is different but they will all have the ability to inject the secrets as environment variables which will be stored in local memory that can't be obtained by a malicious user.
thank you, excellent
Hi can you make a tutorial on implementing Ci-Cd with bitbucket and ggshield
Thank you! Very well explained!
how can I use this inside Aws Services like ERM-Studio? tnx
You might want to try using AWS secrets manager for AWS native environments ruclips.net/video/as4gWjQYrHc/видео.htmlsi=v8-fL7fkpw3lJQGE
Where does keyring fit into all this?