Storing secrets in the environment is an excellent idea. Heroku highly encourages this approach, and it makes it much easier to give different levels of access to code and secure data. It also makes it easier to avoid accidentally copying secrets across environments (i.e. using a production API key in staging or dev).

If you're not familiar with the practice, I'd encourage you to read the "twelve-factor" section on configuration: http://www.12factor.net/config . The advice applies even if you're not using Heroku for hosting.
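As an added illustration of the practice this comment recommends (example code, not from the commenter or from Heroku), the loader below takes every secret from environment variables only, fails at startup when one is missing, redacts secrets from its `repr` so they do not leak into logs, and refuses to start a non-production environment with a production-issued API key. The `prod_` key prefix is an assumption made for the example, not a convention of any real provider.

```python
import os
from dataclasses import dataclass


class ConfigError(RuntimeError):
    """Raised when the environment does not supply a usable configuration."""


@dataclass(frozen=True)
class Settings:
    environment: str   # e.g. "production", "staging", "development"
    database_url: str
    api_key: str

    def __repr__(self) -> str:
        # Never echo secrets back into logs or tracebacks.
        return (f"Settings(environment={self.environment!r}, "
                f"database_url='<redacted>', api_key='<redacted>')")


REQUIRED_VARS = ("APP_ENV", "DATABASE_URL", "API_KEY")

# Assumption for this example: the API provider issues keys with an
# environment-identifying prefix, so a production key can be recognised.
PRODUCTION_KEY_PREFIX = "prod_"


def load_settings(env=None) -> Settings:
    """Build Settings from environment variables only: no config files, no defaults for secrets."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_VARS if not env.get(name)]
    if missing:
        # Fail fast at startup rather than at first use deep inside a request.
        raise ConfigError("missing required environment variables: " + ", ".join(missing))

    settings = Settings(
        environment=env["APP_ENV"],
        database_url=env["DATABASE_URL"],
        api_key=env["API_KEY"],
    )

    # Guard against the cross-environment copy the comment warns about:
    # a production-issued key must not be loaded into staging or development.
    if settings.api_key.startswith(PRODUCTION_KEY_PREFIX) and settings.environment != "production":
        raise ConfigError(
            f"API_KEY looks like a production key but APP_ENV is {settings.environment!r}"
        )
    return settings


if __name__ == "__main__":
    # Constructed sample environment; a real deployment sets these on the host
    # (for Heroku, via `heroku config:set`) and the code never sees a file.
    sample = {
        "APP_ENV": "staging",
        "DATABASE_URL": "postgres://user:pw@db/app",
        "API_KEY": "test_abc123",
    }
    print(load_settings(sample))
```

Passing a dict instead of `os.environ` keeps the loader testable without touching the real process environment; in production, call `load_settings()` with no argument.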

It did lead to an interesting exploit though - http://titanous.com/posts/vulnerabilities-in-heroku-build-sy...

That vulnerability still would have applied if config directives were stored in files.
