
The whole industry should adopt a convention to prefix production keys with a well known prefix, such as "prod_secret_".

We should have our systems and pre-commit hooks then alert us when those enter places they shouldn't and help us automate rotation.

You're not the first with this idea! There is a standard for this; see RFC 8959: https://www.rfc-editor.org/rfc/rfc8959.html

Previous HN discussion: https://news.ycombinator.com/item?id=25978185
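The pre-commit check sketched above, as an added example that is not code from the thread's posters: it scans only the lines a commit would add for RFC 8959 `secret-token:` URIs and for the `prod_secret_` prefix proposed in the top comment (the prefix is that comment's convention, not a standard; the sample diff and its token values are constructed).

```python
import re
import subprocess
from typing import List, Tuple

# Markers a hook can look for: the RFC 8959 "secret-token:" URI scheme (token
# chars follow RFC 3986 pchar) and the thread's proposed "prod_secret_" prefix.
PATTERNS = {
    "secret-token": re.compile(r"secret-token:[A-Za-z0-9\-._~%!$&'()*+,;=:@]+"),
    "prod_secret_": re.compile(r"\bprod_secret_[A-Za-z0-9_\-]+"),
}

def scan_added_lines(diff: str) -> List[Tuple[str, int, str]]:
    """Scan only '+' lines of a unified diff; return (file, new-file line, kind) per hit."""
    findings = []
    current_file, lineno = "<unknown>", 0
    for line in diff.splitlines():
        if line.startswith("+++ "):
            current_file = re.sub(r"^b/", "", line[4:])
        elif line.startswith("@@"):
            m = re.search(r"\+(\d+)", line)  # new-file start line of this hunk
            lineno = int(m.group(1)) - 1 if m else 0
        elif line.startswith("+"):
            lineno += 1
            for kind, pattern in PATTERNS.items():
                if pattern.search(line[1:]):
                    findings.append((current_file, lineno, kind))
        elif not line.startswith("-"):
            lineno += 1  # context line: present in the new file, not scanned
    return findings

# Constructed sample diff (not from any real repository) for a stand-alone run.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 import os
-API_KEY = os.environ["API_KEY"]
+API_KEY = "prod_secret_9f3c1a2b7e"
+DB_URL = "secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842"
"""

if __name__ == "__main__":
    # As a pre-commit hook: inspect the staged diff and fail the commit on any hit.
    staged = subprocess.run(["git", "diff", "--cached", "-U0"],
                            capture_output=True, text=True, check=True).stdout
    hits = scan_added_lines(staged)
    for path, num, kind in hits:
        print(f"{path}:{num}: staged line contains a {kind} marked secret")
    raise SystemExit(1 if hits else 0)
```

Installed as `.git/hooks/pre-commit`, a non-zero exit blocks the commit; `scan_added_lines(SAMPLE_DIFF)` shows the two hits the sample would produce.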


Bad idea. Better to do it in DEV as you would in PROD, so as not to shoot yourself in the foot. If you do it right in DEV, no problem in PROD.

And what if your DEV is not actually well isolated from PROD/other infra? And what if some real data sneaked into DEV? Etc.


I think prod_ might not be the important part there, so something like __secret__ should be enough.
