如何安全地将 API 凭据传递到托管我的 python 脚本的远程 Heroku 服务器?
[英]How do I securely pass API credentials to a remote Heroku server that my python script is hosted on?
问题描述
I'm currently trying to host my first discord bot on heroku.
我目前正在尝试在 heroku 上托管我的第一个 discord 机器人。 In order to get the bot up and running I have to pass several tokens for discord authentication such as authentication for some APIs I'm using.为了让机器人启动并运行,我必须为 discord 身份验证传递几个令牌,例如我正在使用的某些 API 的身份验证。
During development I was using a config.json file which contains all the information I need for the bot to work.在开发过程中,我使用了一个 config.json 文件,其中包含机器人工作所需的所有信息。 This works fine when hosted on my local machine, however I'm not sure if I should upload a file which contains passwords to a remote server like Heroku.这在我的本地机器上运行良好,但是我不确定是否应该将包含密码的文件上传到远程服务器,如 Heroku。
What would be a proper and secure way for me to pass my API credentials to Heroku?将我的 API 凭据传递给 Heroku 的正确且安全的方法是什么?
1 个解决方案
解决方案1
0 已采纳 2020-04-28 13:42:08
the way to provide credentials/tokens/pwd is to use Config Vars.提供凭证/令牌/密码的方法是使用 Config Vars。 Only the application admin has access to this info (in the Heroku Dashboard).只有应用程序管理员有权访问此信息(在 Heroku 仪表板中)。
It is acceptable to trust the hosting infrastructure with this data as your applications are running on it and require it.当您的应用程序在其上运行并需要它时,使用此数据信任托管基础架构是可以接受的。 For top security applications you would probably use a different hosting solution (private cloud) or run your own server.对于顶级安全应用程序,您可能会使用不同的托管解决方案(私有云)或运行您自己的服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.