Ask HN: How do you store credentials to external services?

3 points by YuriNiyazov ↗ HN
My current project involves sending e-mail and SMS, and receiving responses from users over the same channel. To connect the external providers, I have accounts with passwords.

Currently those passwords are just stored in plaintext in the source code, which feels slightly unsafe. I tell myself that the fear is completely unfounded and that if someone were to get access to the source code of the app, their ability to look at the passwords of external services will be a very small part of the problem. However, I feel it is prudent to ask before I move on:

Where do you store passwords for external services?

Thanks.

3 comments

[ 4.5 ms ] story [ 17.0 ms ] thread
Store them as a file on disk which you read in when necessary. The separation this provides gives you two benefits: First, you don't need to worry about "sanitizing" your source code if you ever want anyone else to look at it; and second, it makes it easy to use separate accounts for development vs. production.
Thank you.

Should I bother with encrypting that file, or plaintext is fine?

Encryption is probably irrelevant because the password for it will be in the code, although it will make it slightly harder if someone gains access to your server.