Ask HN: Best way to manage API secrets and other secrets in teams
Searched a bit around but didn't find a clear answer to this:
API and other secrets/credentials shouldn't be on source control and .gitignored. Still they need to be backed up, shared to team members, updated, etc.
What's the best way to do this (just for server-side apps) without using any paid 3rd party product?
5 comments
[ 3.1 ms ] story [ 19.9 ms ] threadIn the very small teams, you can do something as simple as Google Doc or Last Pass shared notes, and install the keys manually as needed. In this case, your code would be looking for secrets at a pre-defined location, like ~/.your-company-name/secrets, and secrets would me manually copied there.
for sharing secrets with your team i would go with password manager. bitwarden.com if you are looking for a open source one.
I'm actually more interested in the same question but for personal projects where you don't want to pay or pay no more than say $1/mo. Is there a solution for that?
Maybe a hashicorp consul self-hosted? A lot of work to set up for personal project but maybe worth it to do one time?