secret-key

I am using Rails 4.1.1 and ruby 2.0.0 I've currently ignored my secrets.yml file to my gitignore for github. secrets.yml development: secret_key_base: numb3r57ndl3tt3r5 test: secret_key_base: differentnumbersandletters13531515 production: secret_key_base: <%= ENV["SECRET_KEY_BASE'] %> If this production key is dynamic, where does it read it from? Where do we provide that info? How does that info get to heroku without getting to github? I already have a secret key environment variable in my heroku app's settings. I think it was created when I used the heroku_secrets gem https://github.com

Microservices and Cloud is a thing. Everyone is talking and writing about. Personally i am thinking a lot about this topics: How this can be used to benefit from? What are possible challenges? How can this speedup the daily development? And how to manage all things? One question that bothers me since a few days is "How to manage secrets in a Microservice / Cloud environment?". Imagine a company with 150 software engineers and various teams with various products. Every team is creating a software and every service needs various amounts of secrets (API-Keys, Passwords, SSH-Keys, whatever). The

I am going to apply JWT into my REST API developed using Java-Jersey. I am using this library for JWT - https://github.com/auth0/java-jwt I have few questions about the JWT - Secret Does this Secret has to be unique? Shall I use the hashed version of user's password for secret? (Then it is not unique anyway) This is because then when user changed his password, his token will be automatically invalid. Does this Secret has to be unique? It should be unique to your application — it needs to be a secret , after all — but it won't be unique for each token. Rather, you should have a relatively small

I came across many APIs that give the user both an API key and a secret . But my question is: what is the difference between both? In my eyes, one key can be enough. Say I have a key and only I and the server know it. I create a HMAC hash with this key and do an API call. On the server, we create the HMAC hash again and compare it with the sent hash. If it's the same, the call is authenticated. So why use two keys? Edit: or is that API key used to lookup the API secret? SALMAN Secret key cryptography relies on using the same key to encode and then later decode a message. Thus, only those who

I'm trying to accomplish the simple, and upload to Amazon S3 directly JavaScript. How and where would I hide my access and secret keys though? I'm not seeing anything in their documentation or on this site that answers this. I'm using their recommended way to set this up in HTML. I'm also using Backbone and Bower. <script src="https://sdk.amazonaws.com/js/aws-sdk-2.0.25.min.js"></script> <script type="text/javascript"> // See the Configuring section to configure credentials in the SDK AWS.config.credentials = ...; // Configure your region AWS.config.region = 'us-west-2'; </script> <input type=

I am new of iOS swift 3 development. Now, I am working on a project which needs encryption, message authentication code(MAC) and Hashed-base-MAC. These algorithms require secret keys. I know that it is a bad practice to hard-code the keys inside the code, like: let key = "secretkeyabc123" Searched and read some articles like: In iOS, how can I store a secret "key" that will allow me to communicate with my server? Since other people may perform reverse engineering, I am finding a way to protect my keys. Requirements: No hash the key. Time allows to crack it, or with hashed table and dictionary