I overheard in a passing conversation that ENV (config vars) on Heroku is not the safest place to store sensitive variables. I thought the opposite was true, and my Google-fu is not helping me any here. Any thoughts?
Heroku config vars are designed to be safe for storing sensitive information. All config vars are stored in an encrypted form and safely stored. These are only decrypted and loaded when booting your app in a dyno itself.
That depends on what you mean by secure. In the settings section of your application on the Heroku dashboard, there is a "Reveal Config Vars" button. This will display your config vars to anyone who has access to the app.
For this reason, you probably don't want to have things like AWS_SECRET_ACCESS_KEY or critical passwords in your config vars.