在Heroku上发布具有api密钥的应用程序是否安全? [英] Is it safe to publish an app on Heroku that has api keys on there?

问题描述

我计划在Heroku上部署使用一些api键的应用程序.我当时计划使用git部署方法.我在应用程序上有一些api密钥，如果要妥协的话可能会产生问题.

I am planning to deploy an app that uses a few api keys on Heroku. I was planning on using there git deployment method. I have a few api keys on the application that could create problems if they were to be compromised.

通过Heroku部署这样的应用程序安全吗?我应该改用他们的保管箱方法吗?

Is it safe to deploy an app like that through Heroku? Should I use their dropbox method instead?

任何见解或反馈将不胜感激.预先谢谢你！

Any insight or feedback would be appreciated. Thank you in advance!

推荐答案

只要您信任Heroku，就不会影响您使用哪种部署方法.但是，请确保您没有直接在代码中保留机密(例如API密钥，令牌和密码).您可以改用环境变量.您可以使用Heroku仪表板或其命令行界面为环境变量分配值.

As long as you trust Heroku, is shouldn't make a difference which deployment method you use. However, make sure you don't keep your secrets (like API keys, tokens, and passwords) directly in your code. You could use environment variables instead. You can assign values to environment variables either using Heroku dashboard or their command line interface.

这篇关于在Heroku上发布具有api密钥的应用程序是否安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！