• ExtraMedicated@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I guess it depends on who should have access to them, but at the company I work for, we keep all the private config files backed up in a secure place (local network server, encrypted cloud storage, whatever) and the config files are added to .gitignore. This is especially important for databases with personal info.

    • pixxelkick@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      We load all secrets in from an instance of Hashicorp Vault we have running.

      It’s pretty easy API to use, has packages for most languages, has a solid docker image, and is compatible with pretty much every type of storage under the sun.

    • CameronDev@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I think, and i could be wrong, but you should be storing them in a password manager style service, and then have your application pull them out.

      Which is just commiting the keys with extra steps I guess :/