Storing secrets

taylor1027 report abuse

Hi! I'm building a system which consists of several IoT devices. Also, it uses a couple of 3rd party resources to perform some work. I have accounts for accessing those resources. There is a need to interact with those services from the code. So, I need to store my credentials somewhere. Is it secure to store them on my server?

Answers

label report abuse

It is obvious that we always need to store credentials somewhere. And there always is an intrinsic risk. Every system can be hacked. Do you have front-end for your system?

taylor1027 report abuse

I have minimal front-end but it is not available for users. Only I can use it.

label report abuse

In this case, I think that it is OK to store credentials directly on the server. You don't have the front-end through which the hackers can access the database. Ensure that your server is reliably protected by its credentials.

taylor1027 report abuse

What other options are there for storing secrets?

Kan13 report abuse

You can try to encipher your credentials, but I agree with @label that it is not needed in your case. Also, there are some external services, that provides solutions for storing secrets. For example, Hashicorp Vault.

Kan13 report abuse

You can try to encipher your credentials, but I agree with @label that it is not needed in your case. Also, there are some external services, that provides solutions for storing secrets. For example, Hashicorp Vault.

taylor1027 report abuse

Thank you for your inputs!

Add Answer

Need support?

Just drop us an email to ... Show more