Better security for your app's secrets

What's this blog post about?

The incident-io/core application uses a combination of environment variables, config files, and secrets stored in Google Secret Manager to configure the app. Config is divided into three types: non-sensitive, sensitive, and runtime. Non-sensitive and sensitive config are tracked alongside code and are expected to be set to the same value for each instance of an application environment. Runtime configuration differs in that it is specific to infrastructure and may vary between instances or roles.

Config files are stored in `config/environments/<env>.yml` and parsed into a Config structure defined in the code. The app reads config values through a package singleton, which is loaded on application boot.

Google Secret Manager securely stores secret material under a secret name with multiple versions, and can be accessed through the Google Cloud Console or APIs. The security model separates secret material from the app runtime by placing secrets in Secret Manager and accessing them using a Google Service Account associated with the app. This limits the possibility of access to a small window between a breach and when credentials are rotated. Secret access is restricted further through Access Levels, Security Perimeters, and Google Access Context Manager. These measures help protect against accidental exposure or malicious attempts to extract secrets.

Company
Incident.io

Date published
July 10, 2023

Author(s)
Lawrence Jones

Word count
1683

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.