I have api keys and private keys in my node js app config.json file. Is there a posibility that those data might get exposed? Maybe through fly getting breached or something.
Well I can’t speak for how Fly’s innards work, but that seems unlikely.
However I’d recommend using secrets, which are designed for this very purpose. If you provide the values to Fly via its
fly secrets command (see Secrets and Fly Apps · Fly Docs) it will then store them safely encrypted in their vault. For example set
API_KEY=secret. You would then use a reference to them in your Node config file. For example
process.env.API_KEY. That way your Node app will see “secret” however you have avoided keeping that secret value in your app, which is ultimately plain text.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.