
Ask HN: How do you manage app secrets? - humility
In a web application, there are so many secrets to be managed - db passwords, jwt secrets, session secrets, etc. What's a good strategy to manage them? I don't imagine committing them to version control is a good idea?
======
jeremija
I usually have a base config file that's committed and serves as an example or
for developing with local services that I (or any other dev) can run easily
via docker compose. Additionally, any setting can be overridden with an
appropriate environment variable.

For test/production environments I have a separate config file that is not
committed to the repository.

Continuous integration tools like GitLab CI, Drone CI, and I believe Travis CI
have support for application secrets so that can be used for automated
deployment. Alternatively, these config files can live on the servers.

Some automation tools like Ansible have the ability to encrypt the secrets so
they can be pushed to the repository, but I've never done it. Docker swarm
also has support for defining secrets, and I'm sure Kubernetes does too.
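The layering jeremija describes (a committed base config with development values, an uncommitted per-environment file on the host, and environment-variable overrides on top, as supplied by a CI secret store) can be made concrete in a small loader. The following is an added example written for this thread, not code from the commenter; the key names, the `APP_` prefix, the JSON file format and the "refuse a production config that still carries a committed dev secret" check are all assumptions chosen for illustration.

```python
import json
import os
import tempfile
from pathlib import Path
from typing import Mapping, Optional

# Assumed set of settings that are secrets. The startup check below flags any of
# them whose effective value still equals the committed development value.
SECRET_KEYS = ("db_password", "jwt_secret", "session_secret")


def load_config(base_path: Path, override_path: Optional[Path] = None,
                env: Optional[Mapping[str, str]] = None, prefix: str = "APP_") -> dict:
    """Layer configuration, lowest to highest precedence:
    1. committed base file (development values only, safe to publish)
    2. uncommitted override file on the target host (may be absent)
    3. environment variables named <prefix><KEY>, e.g. APP_DB_PASSWORD
    Only keys present in the base file are recognised, so a typo in an
    environment variable name cannot silently introduce a new setting.
    """
    env = os.environ if env is None else env
    config = json.loads(base_path.read_text())
    if override_path is not None and override_path.exists():
        config.update(json.loads(override_path.read_text()))
    for key in list(config):
        var = prefix + key.upper()
        if var in env:
            config[key] = env[var]
    return config


def unchanged_dev_secrets(config: dict, base_path: Path) -> list:
    """Return the secret keys whose effective value is still the committed dev value.
    A production deployment should refuse to start if this list is non-empty."""
    base = json.loads(base_path.read_text())
    return [k for k in SECRET_KEYS if k in base and config.get(k) == base[k]]


def demo() -> tuple:
    """Constructed sample: writes a base and an override file to a temp dir and
    returns (dev config, prod config, leftover secrets, leftover with no env)."""
    base = {
        "db_host": "localhost",
        "db_password": "dev-only",
        "jwt_secret": "dev-jwt",
        "session_secret": "dev-session",
        "log_level": "debug",
    }
    override = {"db_host": "db.internal", "db_password": "prod-db-pw", "jwt_secret": "prod-jwt"}
    # Constructed stand-in for variables a CI system would inject from its secret store.
    env = {"APP_SESSION_SECRET": "from-ci-secret-store", "APP_LOG_LEVEL": "info"}
    with tempfile.TemporaryDirectory() as tmp:
        base_path = Path(tmp) / "config.base.json"          # committed
        base_path.write_text(json.dumps(base))
        override_path = Path(tmp) / "config.production.json"  # not committed
        override_path.write_text(json.dumps(override))
        dev_only = load_config(base_path)                    # docker compose style run
        prod = load_config(base_path, override_path, env)
        leftover = unchanged_dev_secrets(prod, base_path)    # expected: []
        partial = load_config(base_path, override_path, {})  # env vars forgotten
        leftover_partial = unchanged_dev_secrets(partial, base_path)  # ['session_secret']
    return dev_only, prod, leftover, leftover_partial


if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` is the one worth keeping around: when the override file covers some secrets and the environment is expected to supply the rest, a missing variable leaves the committed development value in effect, and the check makes that a startup failure rather than a quietly weak secret in production.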

