How to manage +300 secrets?
I need to extract data from an API that has a separate token for each endpoint. 😣
And I need to extract data from more than 300 endpoints.
I’m considering two options:
1. create a key for environment variables for each token
2. create one environment variable with all keys in json format
I don’t consider either option a good solution
Any idea of how to handle this?
Casper Weiss Bang
01/12/2023, 11:59 AM
Where are you hosting it? You could create a resource that connects to some sort of secret manager, i.e. an Azure keyvault or similar. It also makes it easier to control and see what has access to what.
Or if it's not particularly sensitive, just chuck the file with 300 API tokens on S3. Then you're turning 300 secrets into one AWS key pair.
Rafael Figueiredo
01/12/2023, 1:11 PM
Hi @Martin Carlsson, you have a couple of options: you can use an external secret manager like aws secret manager, azure, etc., as suggested by @Casper Weiss Bang, or you can store all secrets in an encrypted file using a tool like ansible-vault, and pass the main password as an environment variable.
Martin Carlsson
01/13/2023, 3:08 AM
Thanks @Casper Weiss Bang and @Rafael Figueiredo
We are on AWS and it is unfortunately very sensitive data.
In development I will add all tokens to a JSON object and set that JSON object as an environment variable.
And then come production, we need to make a decision on what we will do. Most likely aws secret manager.