Credential management in Rust

Hi friends,

May I ask what is the proper way of storing credentials in a Rust project? I just finished my first small project in Rust and I was using .env for now, but it seems that it's not a good practice?

In C++/Rust, how shall we do it?

The proper way of storing credentials is "don't". That mostly entails reading them from an external file and putting that file under VCS-ignore. Whether it's .env or a proper document description language (e.g., JSON, TOML, or YAML) doesn't matter much.

Yeah, I don't mean uploading the credentials to Git or any other version control system. I'm referring to the process of deploying to the production system. What is a better way to handle credentials in such cases? I know some people just put them in /usr/share/... . Or is it a good practice to directly compile the credentials into the binary file?

Common solutions to this include:

  1. Environment variables
  2. Files secured with filesystem permissions and possibly encrypted
  3. Credential management software, for example, HashiCorp Vault

But this isn't really a Rust question; this applies to all software.

1 Like
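An added example, not code from any poster in this thread: a Rust sketch of options 1 and 2 from the list above, which reads a credential from an environment variable and otherwise from a file that it refuses to use if group or others have any access. It is Unix-only, and the variable name `APP_DB_PASSWORD` and the temp-file path are hypothetical.

```rust
use std::env;
use std::fs::{self, File};
use std::io::{self, ErrorKind, Read};
use std::os::unix::fs::PermissionsExt; // Unix-only: exposes the mode bits
use std::path::Path;

/// Option 2: a file protected by filesystem permissions.
/// Rejects anything that group or others can read, write or execute.
fn read_secret_file(path: &Path) -> io::Result<String> {
    let mut file = File::open(path)?;
    // Inspect the handle we opened rather than the path, so the check
    // and the read refer to the same file.
    let meta = file.metadata()?;
    let mode = meta.permissions().mode() & 0o777;
    if !meta.is_file() || mode & 0o077 != 0 {
        let msg = format!("{}: need a regular file with no group/other access, found mode {:o}",
                          path.display(), mode);
        return Err(io::Error::new(ErrorKind::PermissionDenied, msg));
    }
    let mut secret = String::new();
    file.read_to_string(&mut secret)?;
    let secret = secret.trim_end().to_string(); // drop the trailing newline
    if secret.is_empty() {
        return Err(io::Error::new(ErrorKind::InvalidData, "secret file is empty"));
    }
    Ok(secret)
}

/// Option 1 first (environment variable), then fall back to the file.
fn load_secret(env_name: &str, fallback: &Path) -> io::Result<String> {
    match env::var(env_name) {
        Ok(value) if !value.is_empty() => Ok(value),
        _ => read_secret_file(fallback),
    }
}

fn main() -> io::Result<()> {
    // Constructed demo input: a throwaway file in the temp directory.
    let path = env::temp_dir().join(format!("demo_secret_{}", std::process::id()));
    fs::write(&path, "constructed-demo-value\n")?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o600))?;
    let secret = load_secret("APP_DB_PASSWORD", &path)?; // hypothetical variable name
    println!("loaded credential ({} bytes)", secret.len()); // never print the value
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644))?;
    println!("after chmod 644: {:?}", read_secret_file(&path).map(|_| ()));
    fs::remove_file(&path)
}
```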

Wouldn't it be exactly the same? You put the credentials into a file at a known (or parameterizable) location, and the executable reads it.

Don't do that under any circumstances.

3 Likes

Yup, makes sense. I'm just wondering whether we have other tricks for Rust or for compiled languages...

LOL. Thanks, man!