by smt88 1734 days ago
The secrets are secret. Store them securely.

If storing the secrets securely doesn't cause the public settings to be inaccessible where/when they're needed, then you have nothing else to do.

Separate the secret and non-secret data. Don't even use files, just let each item be its own individual value with its own key and permissions.

Also, it doesn't sound like anyone debating this is experienced enough to be making security decisions, even very basic ones.

1 comments

We aren't here discussing whether the used pattern is correct or not; it's clearly not. But that's not the scope of the question.
Then the file is secret. It's a nonsensical argument.

It's like saying, "If I put military secrets and my grocery list in a locked briefcase, is the briefcase a secret?"

First: yes, of course it is. Second: the secrets are not inherently tied together forever. You can separate them.