On 12/11/2018 12:47 AM, Lance Haig wrote:
> Hi,
>
> I have a project I am working on https://github.com/lhaig/usery/ and
> part of the roadmap of the project is to add more cloud types to the
> list.
>
> I wanted to allow admins for these services to log in and create
> records for their different clouds in the DB and then use these when
> people request access to these services.
>
> I need to find a secure way to store these credentials so that even if
> the DB is compromised the credentials are safe.

I agree credentials should not be stored in the database but what are
your other assumptions about the threats?

How many sets of credentials will there be?

In future, will you be using simple credentials or tokens, certificates,
multi-factor auth?

If this is a prototype and only a few sets are involved you can store
credentials in a file or one file per set and write a method to fetch
them as required. That will keep them out of the database and let you
rejig the method after you have decided how it should really work.

> Does anyone have suggestions on how I can accomplish this?
>
> I would really appreciate some advice.
>
> Regards
> Lance
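The one-file-per-set approach suggested in the reply, as an added example that is not code from the thread or from the usery project: a fetch method that reads one JSON file per credential set and refuses names that could leave the directory, symlinks, and files readable by anyone but the owning account. The directory path, the `CLOUD_CRED_DIR` variable, the JSON layout and all function names are assumptions made for illustration; it relies on POSIX file permissions.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumption: one JSON file per credential set; directory and env var names are hypothetical.
CRED_DIR = Path(os.environ.get("CLOUD_CRED_DIR", "/etc/cloud-creds"))
NAME_RE = re.compile(r"[a-z0-9][a-z0-9_-]{0,63}")  # no "/" or ".." can match


class CredentialError(Exception):
    """Raised when a credential set cannot be loaded safely."""


def fetch_credentials(name, cred_dir=None):
    """Return the credential set stored in <cred_dir>/<name>.json as a dict."""
    if not NAME_RE.fullmatch(name):
        raise CredentialError("invalid credential set name")
    path = Path(cred_dir or CRED_DIR) / f"{name}.json"
    try:
        # O_NOFOLLOW: refuse a symlink planted in place of the file.
        fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    except OSError as exc:
        raise CredentialError(f"cannot open credential set {name!r}") from exc
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # check the file we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise CredentialError("not a regular file")
        if st.st_uid != os.geteuid():
            raise CredentialError("file not owned by the service account")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError("file is accessible to group or others")
        return json.load(fh)


def demo():
    """Write one constructed credential set (mode 0600) to a temp dir and fetch it back."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "aws-dev.json"
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump({"access_key": "EXAMPLE-KEY", "secret": "EXAMPLE-SECRET"}, fh)
        return sorted(fetch_credentials("aws-dev", cred_dir=d))


if __name__ == "__main__":
    print(demo())
```

Because the lookup sits behind a single function, the file backend can later be swapped for a different store without touching the callers, which is the "rejig the method" step the reply describes.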