In the past, the apps and services hosted on colocated servers were typically monolithic entities that carried their functionality within their code. They didn’t need to interact with external services except for database calls. In contrast, today’s apps increasingly rely on third-party services accessed via APIs.
Consequently, developers and system administrators must manage many more sets of secret credentials. For example, a CMS may need to interact with file storage APIs like Amazon S3, payment gateway APIs like Stripe, search APIs like ElasticSearch, social media APIs, and so on. All of these require an identity and an associated API key to access, and those secrets must be managed securely.
Unfortunately, they are frequently managed insecurely. In this article, we’ll look at common but insecure techniques for managing secrets before suggesting best practices that will help you keep your secrets from prying eyes.
The Risks of Insecure Secrets Management
Insecure secrets management leads to numerous risks and vulnerabilities. One common technique is to store secrets directly within an application’s code. That’s convenient, but it makes it much easier for attackers to access sensitive information if the codebase is compromised.
Just as bad, storing secrets in code increases the likelihood of accidental exposure through version control systems like GitHub. Commits (a saved set of changes to the code) containing secrets will be visible to anyone with access to the repository.
Another common technique is to manually set environment variables containing secrets and then code the app to read credentials from the variable. This approach is more secure than storing secrets in code, but it is not risk-free. Any user or program with access to the app’s environment can read its environmental variables.
Managing secrets through environment variables also deprives developers of the ability to centrally manage and audit secret access. With multiple team members managing secrets, tracking and controlling who has access becomes increasingly difficult. The absence of a centralized system also makes it challenging to identify security breaches and respond efficiently.
Insecure secrets management exposes businesses to potential security breaches, unauthorized access to critical services, and data leaks that could cause irreparable harm to a company’s reputation and customer trust.
5 Secrets Management Best Practices
Developers and system administrators should adopt the following best practices to mitigate the risks associated with insecure secrets management.
1. Use a secrets management tool
Use secrets management tools like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault that provide a centralized and secure way to store, manage, and access secrets. These tools also offer helpful features such as access control, audit logs, and automatic secret rotation.
2. Use environment variables securely
If you prefer to use environment variables for secrets management, avoid storing secrets directly in code or shell scripts. Instead, inject them during the deployment process using a Continuous Integration/Continuous Deployment (CI/CD) pipeline or a container orchestration system like Kubernetes. This approach minimizes the risk of accidental exposure through version control systems and the need for manual updates in the code when secrets are rotated.
3. Encrypt secrets at rest
If you must store secrets on a server, ensure that they are encrypted. The built-in encryption of a secrets management tool makes this straightforward, but you could also encrypt secrets manually for smaller systems. Encrypting secrets at rest ensures that even if an attacker gains access to your server, the secrets remain unreadable and unusable.
4. Limit access to secrets
Implement the principle of least privilege when managing secrets. Only grant access to users and applications that need it, regularly review access permissions, and revoke them when they are no longer needed. Limiting access to secrets reduces the attack surface and minimizes the possibility of unauthorized access to sensitive information.
5. Rotate secrets regularly
Regularly update and rotate secrets, especially API keys and access tokens. Frequent rotation minimizes the impact of security incidents by reducing the time window during which an attacker can exploit a stolen secret. Not rotating secrets increases the risk of prolonged unauthorized access, resulting in potentially severe consequences for business operations and customer trust.
Adopting these best practices for secrets management will help developers and system administrators reduce the risk of exposing sensitive credentials to unauthorized users or applications. Changing to a secure secrets management strategy may require time and effort initially, but it will contribute to the long-term integrity and security of your systems and data.