|
|
|
|
|
|
by inopinatus
1507 days ago
|
|
|
When I’m feeling especially paranoid e.g. regarding a key used for financial transactions, then I’ll compartmentalise the runtime using it with the absolute minimum surface area, talk to that over a message queue or similar async construct, and audit the wazoo out of all usage. But also note, in such a case the key probably isn’t coming from an environment variable, more likely is a subkey generated by a HSM. |
|
|