0

I can use java or nodejs at the backend. I have read several posts on the web and I am considering three options

  1. Storing the data in a local file or environment variables.
  2. Storing the data in the database on the machine
  3. Storing the data in the database on a different server and getting them through an api.

Which is the best way to store credentials and why?

DEVCNN
  • 614
  • 4
  • 13
  • This answer is opinionated and very wide. What are security credentials to you ? Is that your firebase token ? are these your user logs ? Are these your database access ? They all have different "best practices", and it's usually explained in their own documentation. –  Mar 18 '19 at 10:57
  • Let's say these are third-party app credentials. – DEVCNN Mar 18 '19 at 11:18
  • What does this have to do with Angular? Why would the answer be different if you used React, VueJS, VanillaJS, PHP or Java? – JB Nizet Mar 18 '19 at 11:20
  • I'm going to give an example from our case if you create a build step (such as script or shell?) to include variable replacing (https://wiki.jenkins.io/display/JENKINS/Content+Replace+Plugin) / (https://stackoverflow.com/questions/10625259/how-to-set-environment-variables-in-jenkins) / (https://issues.jenkins-ci.org/browse/JENKINS-16660) but at the end this will be 'storing credentials in some ci/cd environment' and of course this is discussable about how secure this is. Feel free to replace this to any task such as gulp etc if you are not using any of these :) – burakakkor Mar 18 '19 at 11:20
  • @DEVCNN yeah but that doesn't resolve the issue, you still have tons of libraries and they all behave differently. For instance, you don't disclose your Discord bot token, but you can disclose your firebase token. Please explain your issue in details, otherwise you won't have answers adapted to your case ! –  Mar 18 '19 at 11:23
  • What would you do for a aws access key? Using IAM isn't possible right now. – DEVCNN Mar 18 '19 at 11:29
  • @JBNizet Nothing with angular. Just letting you know the tools used. I read that .NET has a config file and ruby has got something similar. – DEVCNN Mar 18 '19 at 11:35

0 Answers0