|
|
|
|
|
|
by joevandyk
4418 days ago
|
|
|
I prefer storing secrets/api tokens in a database. Runs the risk of leaking secrets via a sql injection exploit though, but if that happens, you're already screwed. For development, we consider all keys/tokens available to developers as public -- i.e. for authorize.net accounts, those tokens are tied to test accounts. |
|
|