The devops guidelines at https://12factor.net/config suggest to put website secrets (database passwords, api keys, etc.) into environment variables. What advantages does that have instead of using text files (JSON, XML, YAML, INI, or similar) ignored from version control?
I find it much easier to copy a configuration file with secrets than to handle environment variables in .bash_profile and webserver configuration. Do I miss something?
Best Answer
The author lists their reasoning, although it's a bit disjoint. Their primary argument is that it's easy to accidentally check in a config file, and that config files have varying formats and may be scattered around the system (all three of which are at best mediocre arguments for security related config like auth tokens and credentials).
Given my own experience, you've essentially got the following three options, with associated advantages and disadvantages:
Store the data in config files.
When taking this approach, you should ideally isolate them from the repository itself, and make sure they're outside of the area that the app stores it's content in.
Advantages:
Disadvantages:
Store the data in environment variables.
Usually this is done by sourcing a list of environment variables and values from the startup script, but in some cases it might just state them on the command-line prior to the program name.
Advantages:
Disadvantages
hidepid
mount option for/proc
on LInux for example), but they aren't enabled by default, and don't protect against attacks from the user who owns the process.Use command-line arguments to pass in the data.
Seriously, avoid this at all costs, it's not secure and it's a pain in the arse to maintain.
Advantages:
Disadvantages: