Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A lot of people here are saying that a vault is preferable to this, especially for secrets.

Is there a good primer on using vaults? I know how to query and insert into Azure Key Vaults, but architecting around it is unclear to me.

Things that come up for me:

- As (azure) key vaults don't support per secret access rights, where do I store secrets between deployments?

- Should I store connection strings to cloud resources, or just ask the resource for the connection string at deployment time (for Azure, a cloud function pretty much needs a connection string for most basic things. They say they are moving away from this but ...)

- A security warning is send if a key is accessed more then x/times per hour. Does that mean I should pull in the key from vault at deployment? Cache it after first call during runtime?

- Most of our 3rd party vendors gives us 1 and only 1 key. How do I manage that key between development, production and several developers? Right now we mostly forward the e-mail from the vendor with the key ...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: