Secrets and Environment Variables
Using secrets and environment variables instead of hardcoding this information directly into code mitigates security risks, increases flexibility, and avoids version control issues.
On Customary, users can create and attach secrets and environment variables to deployments, making them available to the deployed code. This allows for secure and flexible management of sensitive data and configuration settings, improving the overall security and adaptability of applications deployed on Customary.
What are Secrets and Environment Variables?
Secrets and environment variables are key-value pairs that can be used to store and manage sensitive information and configuration settings for your application.
Secrets are used to store sensitive data like API keys, database credentials, or any other information that should not be exposed in your code or version control system.
Environment Variables are used to store configuration settings that your application needs to run. These can include things like the runtime environment (development, staging, production), feature flags, or any other settings that might change between deployments.
Why Use Secrets and Environment Variables?
Hardcoding sensitive information and configuration settings directly into your code can lead to several issues:
-
Security Risks: Exposing sensitive data in your code can lead to security breaches if your code is ever exposed or your version control system is compromised.
-
Lack of Flexibility: Hardcoding configuration settings can make it difficult to change those settings for different environments or deployments.
-
Version Control Issues: Storing sensitive data in your code means that data gets included in your version control history, which is not ideal.
Using secrets and environment variables solves these issues by providing a secure and flexible way to manage sensitive data and configuration settings.
How to Use Secrets and Environment Variables on Customary
Using secrets and environment variables on Customary involves a few steps:
-
Create a Secret or Environment Variable: Navigate to your Customary settings and create a new secret or environment variable. You’ll need to provide a key (the name of the variable) and a value.
-
Use the Secret or Environment Variable in Your Code: In your code, you can access the value of a secret or environment variable using the key you provided. The exact syntax for this depends on the programming language you’re using, but generally involves calling a function like
getenv('KEY')
. -
Attach the Secret or Environment Variable to a Deployment: Once you’ve created a secret or environment variable and used it in your code, you can attach it to a deployment. This makes the secret or environment variable available to the code in that deployment.
Conclusion
Secrets and environment variables provide a secure and flexible way to manage sensitive data and configuration settings for your deployments on Customary. By understanding what they are and how to use them, you can improve the security and flexibility of your applications.