问题
I have created a java daemon program that collects data from social network accounts. I use a lot of services including Flick, S3, GeoCoding, etc. Currently I have the program set up to read all these API keys from a properties file. I also have a similarly formatted properties file in my test folder that contains different keys for testing purposes. These property files are not committed to source obviously. This collection program writes to a mongo db. I am also building a web app that also works with mongo and will be deployed along side the collection. During my development I am reading that it is best to store keys as environment variables on the production side. It got me think; which leads me to my question...
I am wondering if there is a better way to handle these keys in my java program (from a deployment standpoint) or some possible routes that people have tried in doing something similar to this. Can someone shed some light on this?
回答1:
I would recommend a database. If you are only storing API keys for personal use, then the size of the database isn't probably a major concern. Personally, I would suggest MySQL (or alternatively SQLite) as they are both quite well-supported.
If you encrypt your keys then it shouldn't matter too much where you store your database, although of course I still wouldn't make it openly downloadable. Just pick a good encryption tool and do not try developing your own encryption algorithm!
回答2:
The latest hotness (in a world of containers) is to use zookeeper, etcd or consul as a distributed configuration store. The confd tool is capable of ensuring that application configuration files are kept in sync with changes to configuration.
My personal preference is Consul which has a similar template tool called consul-template, and another called envconsul if you would prefer your program to consume environment variables.
Finally Hasicorp, the makers of consul, have an encryption product called vault. It works well with consul and is also supported by consul-template.
来源:https://stackoverflow.com/questions/33358185/most-robust-way-to-store-api-keys-client-side