问题
I am planning to deploy an app that uses a few api keys on Heroku. I was planning on using there git deployment method. I have a few api keys on the application that could create problems if they were to be compromised.
Is it safe to deploy an app like that through Heroku? Should I use their dropbox method instead?
Any insight or feedback would be appreciated. Thank you in advance!
回答1:
As long as you trust Heroku, is shouldn't make a difference which deployment method you use. However, make sure you don't keep your secrets (like API keys, tokens, and passwords) directly in your code. You could use environment variables instead. You can assign values to environment variables either using Heroku dashboard or their command line interface.
来源:https://stackoverflow.com/questions/43507469/is-it-safe-to-publish-an-app-on-heroku-that-has-api-keys-on-there