menu

The information in our interactive Radar is currently only available in English. To get information in your native language, please download the PDF here.

Techniques

Decoupling secret management from source code

ARCHIVED BLIP
Please be aware that we have archived this blip and are no longer actively keeping the information updated. The current edition of the radar only features items that we feel are new or noteworthy.Understand more
Nov 2017
trial?

In previous Radars issues we mentioned tools such as git-crypt and Blackbox that allow us to keep secrets safe inside the source code. Decoupling secret management from source code is our way to remind technologists that there are other options for storing secrets. For example, HashiCorp vault, CI servers and configuration management tools provide mechanisms for storing secrets that are not linked to the source code of an application. Both approaches are viable and we recommend you use at least one of them in your projects.

Mar 2017
trial?

In previous Radars issues we mentioned tools such as git-crypt and Blackbox that allow us to keep secrets safe inside the source code. Decoupling secret management from source code is our way to remind technologists that there are other options for storing secrets. For example, HashiCorp vault, CI servers and configuration management tools provide mechanisms for storing secrets that are not linked to the source code of an application. Both approaches are viable and we recommend you use at least one of them in your projects.