Hacker News new | past | comments | ask | show | jobs | submit login

They didn't even mention the alternative to this statement. I've only ran applications with environment variables. And since they're allowed everywhere (lambdas, docker images, heroku and whatnot), It's hard to imagine how passing credentials into code, could've been done otherwise.



The two other ways I’ve seen is a direct dependency on the secrets manager or injecting files.

Environment variables seem to be the standard.

Direct dependency is usually bad and injecting files violates the immutable nature of a container.


I wouldn't consider binding files to be a violation of container immutability, which is how K8S secrets work.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: