Credential management in Rust

Hi friends,

May I ask what is the proper way of storing credentials in a Rust project? I just finished my first small project in Rust and I'm using .env now, but it seems that it's not a good practice?

In C++/Rust, how shall we do it?

The proper way of storing credentials is "don't". That mostly entails reading them from an external file and putting that file under VCS-ignore. Whether it's .env or a proper document description language (e.g., JSON, TOML, or YAML) doesn't matter much.

Yeah, I don't mean uploading the credentials to Git or any other version control system. I'm referring to the process of deploying to the production system. What is a better way to handle credentials in such cases? I know some people just put them in /usr/share/... . Or is it a good practice to directly compile the credentials into the binary file?

Common solutions to this include:

  1. Environment variables
  2. Files secured with filesystem permissions and possibly encrypted
  3. Credential management software, for example, HashiCorp Vault

But this isn't really a Rust question; this applies to all software.

1 Like
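The first two options in that list, sketched as an added example that is not part of the original thread: prefer an environment variable, otherwise read a file and refuse it when group or others have any access to it. It is Unix-only, and `APP_DB_PASSWORD` and `/etc/myapp/db_password` are hypothetical names chosen for the example.

```rust
use std::fs::File;
use std::io::Read;
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Why a credential could not be loaded.
#[derive(Debug, PartialEq)]
pub enum SecretError {
    Missing,
    NotRegularFile,
    TooPermissive(u32),
    Io(String),
}

/// Read a secret from a file, refusing files that group or others can access.
pub fn read_secret_file(path: &Path) -> Result<String, SecretError> {
    // Open first and inspect the open handle, so the permission check and
    // the read refer to the same file even if the path is swapped in between.
    let mut file = File::open(path).map_err(|e| SecretError::Io(e.to_string()))?;
    let meta = file.metadata().map_err(|e| SecretError::Io(e.to_string()))?;
    if !meta.is_file() {
        return Err(SecretError::NotRegularFile);
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(SecretError::TooPermissive(mode));
    }
    let mut buf = String::new();
    file.read_to_string(&mut buf).map_err(|e| SecretError::Io(e.to_string()))?;
    // Drop only the trailing newline an editor or `echo` may have added.
    Ok(buf.trim_end_matches(|c| c == '\n' || c == '\r').to_string())
}

/// Prefer the environment variable; fall back to the protected file.
pub fn load_secret(env_name: &str, file: &Path) -> Result<String, SecretError> {
    match std::env::var(env_name) {
        Ok(v) if !v.is_empty() => Ok(v),
        _ if file.exists() => read_secret_file(file),
        _ => Err(SecretError::Missing),
    }
}

fn main() {
    // Hypothetical variable name and path; never log the secret itself.
    match load_secret("APP_DB_PASSWORD", Path::new("/etc/myapp/db_password")) {
        Ok(s) => println!("loaded a secret of {} bytes", s.len()),
        Err(e) => eprintln!("no usable credential: {:?}", e),
    }
}
```

A file created with mode `0600` (or `0400`) and owned by the service account passes the check; one left at the default `0644` is rejected before its contents are read.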

Wouldn't it be exactly the same? You put the credentials into a file at a known (or parameterizable) location, and the executable reads it.

Don't do that under any circumstances.

3 Likes

Yup, makes sense. I'm just wondering whether we have other tricks for Rust or for compiled languages...

LOL. Thanks, man!
