Skip to content

Secure Google login secrets #33

Description

@Serumola

Goal

  • Keep Google client ID and secret out of the code and out of GitHub.
    Description

  • The project uses Google login. That requires private values that should not be committed into source control.

Why this matters

  • Secrets exposed in code can be abused. We need a safe way to store and load them when the app runs on EC2.
  • What to do
  • Decide how secrets will be stored
  • Use environment variables for local and EC2 runs
  • Avoid hard-coding private values in files
  • Document where the secrets belong

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions