最强大的方式来存储api密钥(客户端)? [英] Most robust way to store api keys (client side)?
问题描述
我已经创建了一个java守护程序,用于从社交网络帐户收集数据。我使用很多服务,包括Flick,S3,GeoCoding等。目前我已经设置了从属性文件中读取所有这些API密钥的程序。我的测试文件夹中还有一个类似格式的属性文件,其中包含用于测试目的的不同键。这些属性文件没有明确的承诺来源。这个收集程序写入一个mongo数据库。我还在构建一个也可以与mongo一起工作的网络应用程序,并将其部署在集合中。在开发过程中,我正在阅读,最好将密钥存储在生产端的环境变量。它让我想起来这导致我的问题...
I have created a java daemon program that collects data from social network accounts. I use a lot of services including Flick, S3, GeoCoding, etc. Currently I have the program set up to read all these API keys from a properties file. I also have a similarly formatted properties file in my test folder that contains different keys for testing purposes. These property files are not committed to source obviously. This collection program writes to a mongo db. I am also building a web app that also works with mongo and will be deployed along side the collection. During my development I am reading that it is best to store keys as environment variables on the production side. It got me think; which leads me to my question...
我想知道是否有更好的方法来处理这些密钥在我的java程序(从部署的角度)或一些可能人们尝试过与此类似的路线。有人可以在这方面有所作为吗?
I am wondering if there is a better way to handle these keys in my java program (from a deployment standpoint) or some possible routes that people have tried in doing something similar to this. Can someone shed some light on this?
推荐答案
最新的热度(在容器的世界中)是使用 zookeeper , etcd 或 consul 作为分布式配置存储。 confd 工具能够确保应用程序配置文件与配置更改保持同步。
The latest hotness (in a world of containers) is to use zookeeper, etcd or consul as a distributed configuration store. The confd tool is capable of ensuring that application configuration files are kept in sync with changes to configuration.
我的个人偏好是Consul,它具有类似的模板工具,名为 consul-template ,另一个称为 envconsul ,如果您希望您的程序消费环境变量。
My personal preference is Consul which has a similar template tool called consul-template, and another called envconsul if you would prefer your program to consume environment variables.
最后,领事馆的Hasicorp拥有一个名为的加密产品跳马。它与领事工作良好,并得到领事馆模板的支持。
Finally Hasicorp, the makers of consul, have an encryption product called vault. It works well with consul and is also supported by consul-template.
这篇关于最强大的方式来存储api密钥(客户端)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
