App Security

So last night I did the cardinal sin: I committed my AWS access details to a public repo on Github.

Fortunately, Github picked it up within a few minutes, and I immediately logged in and deleted those keys in AWS.

I’ll fix the repo later.

Two lessons learned:

  1. Don’t do it.
  2. As soon as you realise you’re putting keys into an app, always, always, always put them into environment variables in the first instance. I normally do this, and just tried to “get this bloody thing working”, then forgot about that bit, then committed the changes.

Oops. That was more public than I intended to be.

Similar Posts