Home > Blockchain >  Is app.yaml on Google Cloud Platform publicly visible?
Is app.yaml on Google Cloud Platform publicly visible?

Time:12-09

I want to deploy a web API on Google cloud and for test purposes I would just put the API key in the app.yaml file as an environment variable. Is this a security issue?

CodePudding user response:

It's generally problematic to persist secrets to files. Even if the app.yaml were inaccessible from the runtime service, you'd still face challenges that it be exposed in build logs and if you inadvertently commit app.yaml to e.g. github.

For "testing", you can run generally run an App Engine locally. This isn't a perfect replica of the production service but it should be sufficient for testing.

A solution for managing secrets is e.g. Google's Secret Manager. SDKs (encouraged) and the underlying REST API (discouraged) are available.

Page link:https//www.codepudding.com/Blockchain/220838.html

Prev:Website Loading Only once then access denied - Selenium Webdriver
Next:ImportError: cannot import name 'ArticleSerializer' from 'basics.serializers'
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding