Web Security

How do you protect API keys and secrets?

Never expose secrets in code.


Secrets management

- .env files (not in git)
- Environment variables
- Secrets vaults (AWS Secrets Manager)
- Rotate regularly

Code Examples

BASH: .gitignore secrets
# .gitignore
.env
.env.local
.env.*.local
node_modules/

# .env.local (DON'T COMMIT)
DATABASE_URL=postgresql://...
API_KEY=secret123

# Code
const apiKey = process.env.API_KEY;

💡 Practical Tips

Never commit .env files to git. Use environment variables in production.
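
An added example (not from the original page): a small JavaScript check that takes the output of `git ls-files` and the contents of `.gitignore`, then reports .env files that are tracked and ignore rules from the listing above that are missing. The function names, the list of allowed template file names and the sample input are assumptions made for illustration.

```javascript
// Added example: audit a repository for committed .env files.
// Inputs: text output of `git ls-files` and the contents of .gitignore.

// Ignore rules taken from the page's .gitignore listing.
const REQUIRED_IGNORES = ['.env', '.env.local', '.env.*.local'];

// Assumption: value-free templates are committed on purpose.
const ALLOWED_TEMPLATES = new Set(['.env.example', '.env.sample', '.env.template']);

// Return the required rules that .gitignore does not contain.
// Comments, blank lines and negations ("!.env") do not count as rules.
function missingIgnoreRules(gitignoreText) {
  const rules = new Set(
    gitignoreText.split(/\r?\n/)
      .map((line) => line.trim())
      .filter((line) => line && !line.startsWith('#') && !line.startsWith('!'))
  );
  return REQUIRED_IGNORES.filter((rule) => !rules.has(rule));
}

// Return tracked paths whose file name is .env or .env.<suffix>,
// at any directory depth, except the allowed templates.
function trackedEnvFiles(lsFilesOutput) {
  return lsFilesOutput.split(/\r?\n/)
    .map((p) => p.trim())
    .filter(Boolean)
    .filter((p) => {
      const base = p.split('/').pop();
      return /^\.env(\..+)?$/.test(base) && !ALLOWED_TEMPLATES.has(base);
    });
}

function auditRepo(lsFilesOutput, gitignoreText) {
  const tracked = trackedEnvFiles(lsFilesOutput);
  const missing = missingIgnoreRules(gitignoreText);
  return { ok: tracked.length === 0 && missing.length === 0, tracked, missing };
}

// Constructed sample input: one nested .env.local was committed,
// and .gitignore lacks two of the three rules.
const SAMPLE_TRACKED = [
  'package.json', 'src/index.js', '.env.example',
  'services/api/.env.local', '.gitignore',
].join('\n');
const SAMPLE_GITIGNORE = '# deps\nnode_modules/\n.env\n';

console.log(JSON.stringify(auditRepo(SAMPLE_TRACKED, SAMPLE_GITIGNORE), null, 2));
```

A secret found this way is already in the repository history, so it should be rotated and not only deleted from the working tree.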

Relevant keywords

secrets, environment, .env