Managing the secrets must be considered at different levels:
- Source Code Level for example hard coded in source code.
- Repository Level for example Git/ Git Hub.
- Infrastructure Level for example for developing the infrastructure as code.
Source Code Level
To prevent to have secrects at code level, it’s enough not to write the users, passwords, tokens, secrets in source code but in:
- Config file.
- Environment variable. Two Examplpe for Python and C#
In both cases must be careful not to commit the .config and .env file to the repository.
In the case of using the Config file, must pay attention not to commit the config file into the repository.
The environment variable in Python projects are saved in .env files.
_STORAGE_ACCOUNT_NAME=environ.get('STORAGE_ACCOUNT_NAME', 'storage account') _STORAGE_ACCOUNT_KEY=environ.get('STORAGE_ACCOUNT_KEY', 'storage key')
By preventing to write the secrets in source code and save the secrets in aconfig file, we must be careful not to push & commit the code to the repository.