存储 api 密钥的最强大的方式(客户端)? [英] Most robust way to store api keys (client side)?
问题描述
我创建了一个 Java 守护程序,用于从社交网络帐户收集数据.我使用了很多服务,包括 Flick、S3、GeoCoding 等.目前我已将程序设置为从属性文件读取所有这些 API 密钥.我的测试文件夹中还有一个类似格式的属性文件,其中包含用于测试目的的不同键.这些属性文件显然没有提交给源.此收集程序写入 mongo 数据库.我还在构建一个 Web 应用程序,它也可以与 mongo 一起使用,并将与集合一起部署.在我的开发过程中,我读到最好将密钥存储为生产端的环境变量.这让我思考;这让我想到了我的问题...
I have created a java daemon program that collects data from social network accounts. I use a lot of services including Flick, S3, GeoCoding, etc. Currently I have the program set up to read all these API keys from a properties file. I also have a similarly formatted properties file in my test folder that contains different keys for testing purposes. These property files are not committed to source obviously. This collection program writes to a mongo db. I am also building a web app that also works with mongo and will be deployed along side the collection. During my development I am reading that it is best to store keys as environment variables on the production side. It got me think; which leads me to my question...
我想知道是否有更好的方法来处理我的 java 程序中的这些键(从部署的角度来看),或者人们在做类似的事情时尝试过的一些可能的路线.有人可以对此有所了解吗?
I am wondering if there is a better way to handle these keys in my java program (from a deployment standpoint) or some possible routes that people have tried in doing something similar to this. Can someone shed some light on this?
推荐答案
最新的热点(在容器世界中)是使用 zookeeper、etcd 或 consul 作为分布式配置存储.confd 工具能够确保应用程序配置文件与配置更改保持同步.
The latest hotness (in a world of containers) is to use zookeeper, etcd or consul as a distributed configuration store. The confd tool is capable of ensuring that application configuration files are kept in sync with changes to configuration.
我个人更喜欢 Consul,它有一个类似的模板工具 consul-template,还有另一个如果您希望程序使用环境变量,则称为 envconsul.
My personal preference is Consul which has a similar template tool called consul-template, and another called envconsul if you would prefer your program to consume environment variables.
最后,consul 的制造商 Hasicorp 有了一个名为 vault 的加密产品.它与 consul 配合得很好,也得到 consul-template 的支持.
Finally Hasicorp, the makers of consul, have an encryption product called vault. It works well with consul and is also supported by consul-template.
这篇关于存储 api 密钥的最强大的方式(客户端)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
