...

In this sample the code is not secured: the authorization credentials are stored in clear text, so anyone with access to the backoffice can read them.

...

Basic security setup

The bot automatically encrypts every variable whose name ends with _password or _secret. Rename your sensitive variables accordingly, and read them back with GetPasswordConfig instead of GetConfig:

...

Code Block
    import requests

    # Bot.Bot() is the bot framework's configuration helper (its import is not
    # shown on this page). GetPasswordConfig decrypts a variable the bot
    # auto-encrypted because its name ends in _secret; GetConfig reads a plain one.
    headers = {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Authorization': Bot.Bot().GetPasswordConfig("jira_authorization_secret")
    }
    # `email` is expected to be set by the surrounding bot code; the f-prefix is
    # required, otherwise the literal text "{email}" is sent in the query string.
    url = Bot.Bot().GetConfig("one_app_api") + f"search?username={email}"
    response = requests.get(url, headers=headers)

Pro : Very simple; only the variable name has to change.

Con : The encrypted value still lives in the configuration, so it can end up committed to git, and anyone who obtains the bot's encryption key can decrypt every such value.

Environment Security

We can store the password in an environment variable on the bot's VM and reference it from the configuration by name, as below:

Code Block
elastic_password = VARIABLE::varname

This is better than the basic setup: the configuration only holds the reference, so the password is never visible in the backoffice and is never saved in git, and it can only be read or changed by someone with access to the VM.

Azure Vault Security

This strategy uses an Azure Key Vault; its setup is documented on a separate page: /wiki/spaces/DO/pages/3341090877

In the environment code, credentials are stored with this new reference method, so the secrets themselves live in an Azure Key Vault that is accessible only to the bot and a few designated consultants.

Code Block
elastic_password = AZUREKEYVAULT::varname
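The three strategies above (a literal value in the configuration, a VARIABLE:: reference to an environment variable, an AZUREKEYVAULT:: reference to a vault secret) share one pattern: the configuration carries either the value or a reference, and the reference is resolved only at runtime. The block below is an added example that models that resolution so the difference between the strategies can be seen offline; it is not the bot framework's own resolver. The function names, the ConfigError class, the injected vault_lookup callable and the sample configuration are all assumptions constructed for illustration. In production the vault lookup would be the Azure SDK call SecretClient.get_secret(name).value; here a dict stands in so the example runs without network access.

```python
"""Resolve bot configuration values of the form PREFIX::name.

Added example, not the bot framework's code. Names below (resolve_config,
ConfigError, vault_lookup, SENSITIVE_SUFFIXES) are assumptions.
"""
from typing import Callable, Mapping

# Keys ending in these suffixes are what the page's basic setup auto-encrypts.
SENSITIVE_SUFFIXES = ("_password", "_secret")

ENV_PREFIX = "VARIABLE::"        # Environment Security
VAULT_PREFIX = "AZUREKEYVAULT::"  # Azure Vault Security


class ConfigError(Exception):
    """Raised when a referenced secret cannot be resolved."""


def is_sensitive(key: str) -> bool:
    """True for keys the bot would treat as secrets by naming convention."""
    return key.endswith(SENSITIVE_SUFFIXES)


def resolve_value(key: str, raw: str, env: Mapping[str, str],
                  vault_lookup: Callable[[str], str]) -> str:
    """Turn a stored configuration value into its runtime value.

    A missing environment variable or vault secret raises ConfigError rather
    than yielding an empty string, so a misconfigured bot fails closed instead
    of sending an empty password to a backend.
    """
    if raw.startswith(ENV_PREFIX):
        name = raw[len(ENV_PREFIX):]
        if name not in env:
            raise ConfigError(f"{key}: environment variable {name!r} is not set")
        return env[name]
    if raw.startswith(VAULT_PREFIX):
        name = raw[len(VAULT_PREFIX):]
        try:
            return vault_lookup(name)
        except KeyError:
            raise ConfigError(f"{key}: secret {name!r} not found in vault") from None
    # Basic setup: the value itself is stored in the configuration.
    return raw


def resolve_config(config: Mapping[str, str], env: Mapping[str, str],
                   vault_lookup: Callable[[str], str]) -> dict:
    """Resolve every entry of a configuration mapping."""
    return {k: resolve_value(k, v, env, vault_lookup) for k, v in config.items()}


def backoffice_view(config: Mapping[str, str]) -> dict:
    """What a backoffice user sees: references stay references (no secret
    material is present), literal sensitive values are masked, and
    non-sensitive values are shown as-is."""
    shown = {}
    for key, raw in config.items():
        if raw.startswith((ENV_PREFIX, VAULT_PREFIX)):
            shown[key] = raw
        elif is_sensitive(key):
            shown[key] = "********"
        else:
            shown[key] = raw
    return shown


if __name__ == "__main__":
    # Constructed sample configuration, one entry per strategy on this page.
    sample_config = {
        "one_app_api": "https://example.invalid/api/",
        "jira_authorization_secret": "Basic dXNlcjpwYXNz",  # basic: literal in config
        "elastic_password": "VARIABLE::ELASTIC_PASSWORD",   # environment reference
        "db_password": "AZUREKEYVAULT::db-password",        # vault reference
    }
    fake_env = {"ELASTIC_PASSWORD": "env-secret"}            # stands in for os.environ
    fake_vault = {"db-password": "vault-secret"}             # stands in for Key Vault
    print("backoffice sees:", backoffice_view(sample_config))
    print("bot resolves:   ", resolve_config(sample_config, fake_env, fake_vault.__getitem__))
```

Note what the backoffice view shows for each strategy: the basic entry exists in the configuration and is only masked (so it is still at risk wherever that configuration is copied, git included), whereas the two reference entries contain nothing worth stealing, and their values are only produced by the VM's environment or by the vault at resolution time.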