Menu
I'm deploying a Node.js app on GAE that connects to a Cloud SQL.
Following the docs, I'm told to store the user/password for the database inside app.yaml:
env_variables:
MYSQL_USER: YOUR_USER
MYSQL_PASSWORD: YOUR_PASSWORD
MYSQL_DATABASE: YOUR_DATABASE
# e.g. my-awesome-project:us-central1:my-cloud-sql-instance
INSTANCE_CONNECTION_NAME: YOUR_INSTANCE_CONNECTION_NAME
Is this really a good place to store the password?
569
Storing secrets in app.yaml risks them leaking (e.g., it's not uncommon to find them checked in accidentally on github). Storing secrets in a .gitignored file that you weave into app.yaml at deploy time is one approach. Another approach is to store the secrets in an Entity in the datastore.
For many of my apps, I store secrets in an Entity called Config, which stores stringified JSON. This simplifies the admin UI for editing them down to a single textarea, deferring the need for a more complicated UI.
For an example of this approach with a more full-featured UI, check out the Khan Academy 'snippets' app. https://github.com/Khan/snippets
176
Google does not have service for this thing (yet). I asked support about this before and their suggestion is to store the data in a datastore (encrypted)
37
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
