I'm currently using a setup where we attach a file in our Apache vhost while others have their own .env files. I'm looking for a more secure solution and considering using a secrets manager. My main concern is to ensure that the values of these variables are not exposed to anyone who shouldn't see them.
4 Answers
Just a heads-up, if users have access to the host machine, they might still be able to see decrypted environment variables by inspecting the service processes. It’s important to clarify your threat model. Are you using ECS, EKS, Lambda, or just EC2?
I’ve been using Doppler, which is free for me as part of my GitHub Student Pack. It works well for managing environment variables securely!
Using AWS Secrets Manager is a great option for securing your environment variables. You can store all sensitive data there and access it in your application code, which keeps those values hidden from unauthorized users. This way, you eliminate the reliance on .env files and increase your security.
I recommend going with a secrets manager too, as it's straightforward to retrieve values from it. Plus, you can control who sees what through IAM permissions, which adds another layer of security.
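An added example, not part of any answer above: one way to read values from AWS Secrets Manager at runtime and keep them in process memory instead of exporting them as environment variables, which the first answer notes can be seen by inspecting the service process. The `SecretStore` class and `make_store` helper are hypothetical names, and the secret is assumed to be a JSON object of key/value pairs; `client` is a boto3 `secretsmanager` client.

```python
import json
import time


class SecretStore:
    """Fetch a JSON secret at runtime and hold it in process memory only."""

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client        # boto3 "secretsmanager" client (or a stub)
        self._secret_id = secret_id  # hypothetical name, e.g. one secret per app
        self._ttl = ttl_seconds      # re-fetch after this long so rotation is picked up
        self._clock = clock
        self._values = None
        self._expires = 0.0

    def _refresh(self):
        resp = self._client.get_secret_value(SecretId=self._secret_id)
        if "SecretString" not in resp:
            raise ValueError("secret has no SecretString (binary secret?)")
        values = json.loads(resp["SecretString"])
        if not isinstance(values, dict):
            raise ValueError("expected a JSON object of key/value pairs")
        self._values = values
        self._expires = self._clock() + self._ttl

    def get(self, key):
        # Values are never copied into os.environ, so they do not appear in
        # the process environment that host users can inspect.
        if self._values is None or self._clock() >= self._expires:
            self._refresh()
        try:
            return self._values[key]
        except KeyError:
            raise KeyError(f"{key!r} not present in secret {self._secret_id!r}") from None

    def __repr__(self):
        # Key names only: repr() output ends up in logs and tracebacks.
        keys = sorted(self._values) if self._values else []
        return f"SecretStore({self._secret_id!r}, keys={keys})"


def make_store(secret_id, region):
    import boto3  # imported lazily so SecretStore can be exercised without AWS
    return SecretStore(boto3.client("secretsmanager", region_name=region), secret_id)
```

Who can call `get_secret_value` on the secret is then decided by the IAM permissions of the role the application runs under, as the last answer describes.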
