
It's not correct because he states "That’s why it’s best to use secrets as files". This is even worse than storing it in ENV, because in this case you just need read access to the file system instead of needing code execution. If you have RCE with the same privilege level as the application, you will have access to the secret anyway.



RCE is game over, no matter what you do, but leaking environment variables can easily happen via stacktraces or debug settings.
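An added example (not from either commenter or the linked article) of the trade-off discussed in this thread: a constructed debug dump exposes a secret held in an environment variable but only a path when the secret lives in a file, and the file loader refuses files that other users can read. The names `load_secret_file`, `debug_dump`, `API_TOKEN` and `API_TOKEN_FILE` are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile

def load_secret_file(path):
    """Read a secret from a file, refusing files other users can read."""
    # O_NOFOLLOW: do not follow a symlink placed at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the file actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the service user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: accessible by group or others")
        return os.read(fd, 4096).decode().strip()
    finally:
        os.close(fd)

def debug_dump(environ):
    """Stand-in for a debug page or crash report that prints the environment."""
    return "\n".join(f"{k}={v}" for k, v in sorted(environ.items()))

def demo():
    secret = "constructed-example-token"  # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "api_token")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.write(fd, secret.encode() + b"\n")
        os.close(fd)
        # Variant A: secret in the environment, so it appears in the dump.
        leaked_env = secret in debug_dump({"API_TOKEN": secret, "LANG": "C"})
        # Variant B: only the file path is in the environment.
        leaked_file = secret in debug_dump({"API_TOKEN_FILE": path, "LANG": "C"})
        loaded = load_secret_file(path)
        # A mode that lets other users read the file is rejected.
        os.chmod(path, 0o644)
        try:
            load_secret_file(path)
            rejected = False
        except PermissionError:
            rejected = True
    return leaked_env, leaked_file, loaded == secret, rejected

if __name__ == "__main__":
    print(demo())
```

The permission check narrows who can read the file; it does nothing against code running as the application's own user, which is the case both comments treat as already lost.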



