Hello World

This relates to that never-ending question of securing the credentials in 
production/staging envs, that is, avoiding storing them as plain text.

I am wondering if anyone could share their thoughts about the following 
approach we are thinking of taking.

Here we go:

During build phase, an encryption key is generated and credentials are 
encrypted with it.

Once deployed, the instance decrypts credentials with the provided key and 
does what it needs with them. Just before destroying the original files 
(creds & key), the instance then generates a new encryption key and 
re-encrypts a copy of credentials, which it keeps in memory. Newly 
encrypted credentials along with the key are only dumped onto a filesystem 
if the application panics and needs to be restarted, at which point the 
same cycle of key rotation and decryption/encryption happens again.

Is there any security benefit to such an approach?
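
The cycle described in the message, written out as an added Go example (not code from the original post) so the trust boundary is visible: `Restart` takes only what sits on disk, so any reader of the key file and the credentials file can perform the same decryption, before or after rotation. `Sealed`, `gcmFor`, `Seal`, `Restart` and the sample secret are constructed for illustration, and AES-256-GCM is an assumption, since the post names no cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Sealed struct{ Key, Nonce, Ciphertext []byte } // key kept beside its ciphertext

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under a freshly generated key (AES-256-GCM is an assumption).
func Seal(plaintext []byte) (Sealed, error) {
	buf := make([]byte, 32+12) // 32-byte key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Sealed{}, err
	}
	gcm, err := gcmFor(buf[:32])
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{buf[:32], buf[32:], gcm.Seal(nil, buf[32:], plaintext, nil)}, nil
}

// Restart decrypts with the key found on disk, then re-seals under a new key.
func Restart(onDisk Sealed) (plaintext []byte, next Sealed, err error) {
	gcm, err := gcmFor(onDisk.Key)
	if err != nil {
		return nil, Sealed{}, err
	}
	if plaintext, err = gcm.Open(nil, onDisk.Nonce, onDisk.Ciphertext, nil); err != nil {
		return nil, Sealed{}, err
	}
	next, err = Seal(plaintext)
	return plaintext, next, err
}

func main() {
	build, _ := Seal([]byte("constructed-sample-secret")) // build phase
	pt, next, err := Restart(build)                       // start-up, or restart from a panic dump
	fmt.Println(string(pt), len(next.Key), err)
}
```

Rotation does change the bytes on disk, and GCM rejects a modified ciphertext, but neither property changes who is able to decrypt.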

