Are Heroku environment variables a safe way to store sensitive data?

Question

Are Heroku environment variables a safe way to store sensitive data?

I am using Heroku to deploy a Rails application. I store sensitive data such as API keys and passwords in Heroku environment variables, and then use the data in rake tasks that use different APIs.

I'm just wondering how safe Heroku's environment variables are? Is there a way to hash these variables while still being able to use them in the background?

I came across the previous chain: Is it safe to store passwords as environment variables (and not as plain text) in configuration files? .

But it doesn’t quite cover cases when I still need to disable the password to perform important background tasks.

+4

ruby ruby-on-rails heroku

tdkr Jul 6 '14 at 5:28

source share

2 answers

? ?

ENV , . , ( -).

, . .

IMO , , , , .

+1

spickermann 06 . '14 8:16

Richard Peck · Accepted Answer · 2014-07-06T07:38:23+0000

A few things (mostly my opinion):

-

1. API Key! = Password

When you talk about API Keys, you are talking about a public token, which, as a rule, is already very secure. The current nature of the API is the need for some kind of preliminary authentication (at the application or user level) to create a more reliable level of security.

First, I guarantee what type of data you store in variables ENV. If these are clear passwords (for email, etc.), you might consider moving your installation to one of the cloud providers ( SendGrid/ Mandrilletc.), allowing only API keys to be used

API , , API.

-

2. ENV Vars OS-level

, . , TEMP HOME USERPROFILE, , , .

, , environment, . "", , .

ENV-. , -

, ENV , , .

Are Heroku environment variables a safe way to store sensitive data?

More articles: