

Ask HN: How do you store credentials to external services? - YuriNiyazov

My current project involves sending e-mail and SMS, and receiving responses from users over the same channel. To connect to the external providers, I have accounts with passwords.

Currently those passwords are just stored in plaintext in the source code, which feels slightly unsafe. I tell myself that the fear is completely unfounded and that if someone were to get access to the source code of the app, their ability to look at the passwords of external services will be a very small part of the problem. However, I feel it is prudent to ask before I move on:

Where do you store passwords for external services?

Thanks.
======
cperciva
Store them as a file on disk which you read in when necessary. The separation
this provides gives you two benefits: First, you don't need to worry about
"sanitizing" your source code if you ever want anyone else to look at it; and
second, it makes it easy to use separate accounts for development vs.
production.

~~~
YuriNiyazov
Thank you.

Should I bother with encrypting that file, or is plaintext fine?

~~~
elcron
Encryption is probably irrelevant because the password for it will be in the
code, although it will make it slightly harder if someone gains access to your
server.
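
Added example, not part of the thread: one way to read credentials from a separate file on disk, with a different file per environment. The environment variable `APP_CREDENTIALS_FILE`, the JSON layout, the key names and the owner-only permission check are all assumptions made for this sketch (POSIX permissions assumed).

```python
import json
import os
import stat
import tempfile

# Hypothetical names: the variable, the JSON layout and the keys are assumptions.
ENV_VAR = "APP_CREDENTIALS_FILE"
REQUIRED_KEYS = ("smtp_password", "sms_api_key")


class CredentialFileError(Exception):
    """Raised when the credentials file is missing, too open, or incomplete."""


def load_credentials(path=None):
    """Read credentials from a file kept outside the source tree.

    Development and production point ENV_VAR at different files, so the
    code itself never contains a secret and can be shared as-is.
    """
    path = path or os.environ.get(ENV_VAR)
    if not path:
        raise CredentialFileError(f"set {ENV_VAR} or pass a path")
    with open(path, "r", encoding="utf-8") as fh:
        # Check the mode of the file actually opened, not the path name.
        mode = os.fstat(fh.fileno()).st_mode
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialFileError(
                f"{path} is accessible to group/other; chmod 600 it")
        data = json.load(fh)
    missing = [k for k in REQUIRED_KEYS if k not in data]
    if missing:
        raise CredentialFileError(f"{path} lacks keys: {missing}")
    return data


def write_sample(directory, name, mode):
    """Create a credentials file with constructed values (demo only)."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"smtp_password": "constructed-smtp-secret",
                   "sms_api_key": "constructed-sms-key"}, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        os.environ[ENV_VAR] = write_sample(d, "production.json", 0o600)
        print(sorted(load_credentials()))
```

The real file stays out of version control (for example via an ignore rule), which is what removes the need to sanitize the source before sharing it.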

