Google Cloud Secrets - 重用密钥
[英]Google Cloud Secrets - Reusing a secret
问题描述
I am using Google Cloud Secrets in a NodeJS Project.
我在 NodeJS 项目中使用 Google Cloud Secrets。 I am moving away from using preset environment variables and trying to find out the best practice to store and reuse secrets.我不再使用预设的环境变量,而是试图找出存储和重用机密的最佳实践。
The 3 main routes I've found to use secrets are:我发现使用秘密的 3 条主要途径是:
- Fetching all secrets on startup and set them as ENV variables for later use在启动时获取所有秘密并将它们设置为 ENV 变量以供以后使用
- Fetching all secrets on startup and set as constant variables在启动时获取所有秘密并设置为常量变量
- Each time a secret is required, fetch it from Cloud Secrets每次需要秘密时,从 Cloud Secrets 获取它
Google's own best practice documentation mentions 2 conflicting things:谷歌自己的最佳实践文档提到了 2 个相互矛盾的事情:
- Use ENV variables to set secrets at startup ( source )在启动时使用 ENV 变量设置机密(来源)
- Don't use ENV variables as they can be accessed in debug endpoints and traversal attacks among other things ( source )不要使用 ENV 变量,因为它们可以在调试端点和遍历攻击等中访问(来源)
My questions are:我的问题是:
- Should I store secrets as variables to be re-used or should I fetch them each time?我应该将秘密存储为要重复使用的变量还是应该每次都获取它们?
- Does this have an impact on quotas?这对配额有影响吗?
1 个解决方案
解决方案1
0 2022-01-04 15:26:28
The best practice is to load one time the secret (at startup, or the first time is it accessed) to optimize performances and prevent API call latency.最佳实践是加载一次密钥(在启动时,或第一次访问)以优化性能并防止 API 调用延迟。 And yes, the access secret quotas is impacted on each access.是的,访问秘密配额会影响每次访问。
If a debugger tool is connected to the environment, Variables and Env Var data can be compromised.如果调试器工具连接到环境,变量和环境变量数据可能会受到损害。 The threat is roughly the same.威胁大致相同。 Be sure to secure correctly the environment.确保正确保护环境。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.