在部署应用程序引擎应用程序时如何处理敏感的配置信息? [英] How to handle sensitive configuration information when deploying app-engine applications?
问题描述
示例:我有一个应用程序需要访问提供认证令牌的API
myApi = MyApi(token = my_private_sensible_token )
我想避免在作为项目一部分的配置文件中拥有该私钥。 / p>
想到的一个解决方案是在由有限数量的授权人员维护的单独的代理应用程序中隔离与此服务的交互。应用引擎允许通过身份验证来保护处理程序,我可以轻松地在代理中仅允许来自授权的应用程序引擎消费者应用程序的呼叫。
我可以使用不同的解决方案认为,在某些时候,所有这些都使得这个私人令牌在消费者应用程序内存中可用,这可能允许恶意用户(维护消费者)编写一个处理程序,打印出这个秘密令牌,以某种花哨的方式检索应用程序。
您有更好的建议吗?
另一种可能的方法是拥有2个应用程序副本(实际上是2个不同的应用程序,具有相同的代码),每个应用程序都有自己的app_ID,配置文件等: / p>
- 一个用于开发/分期,可通过更大的开发
团队访问 - 一个用于生产 - (可能从同一个SCM r克隆/分叉) epo,也许是私人分支?)只能由受信任的开发人员访问,并且配置文件的内容被覆盖/更新用于生产部署
这样的设置可以提供额外的好处,除了限制访问生产凭证,例如:
- 使用CI系统的能力,包括自动部署在非常接近到生产环境
- 更严格地控制生产部署
Example: I have an applications that needs to access an API providing an authentication token
myApi = MyApi(token=my_private_sensible_token)
I want to avoid having that private token in a configuration file that is part of the project.
One solution that comes to mind is to isolate interaction with this service in a separate proxy application that is maintained by a restricted number of authorised people. App-engine allows to protect handlers with authentication and I could easily, in the proxy, allow only calls coming from an authorised app-engine consumer application.
Different solutions I can think of, at certain point all make this private token available in the consumer application memory, this could allow a malicious user (that maintains the consumer) to write an handler that prints out this secret token that in some fancy way the application has retrieved.
Do you have better suggestions?
Another possible approach is to have 2 copies of the app (actually 2 different apps which happen to have the same code), each with their own app_ID, config file(s), etc:
- one for development/staging, accessible by the larger development team
- one for production - (possibly cloned/forked from the same SCM repo, maybe a private branch?) only accessible by the trusted devs and with the contents of the config file overwritten/updated for production deployment
Such setup can offer additional benefits besides just restricting access to production credentials, for example:
- ability to use a CI system which includes automatic deployment on a very close to production environment
- tighter control to production deployments
这篇关于在部署应用程序引擎应用程序时如何处理敏感的配置信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
