2
votes

Normally I would add the secret key as an environment variable, but what is the best way to do it in Parse?

The Parse config functionality doesn't solve my problem because the secret key would be available on the client side. There are no security mechanisms to prevent access to specific config variables.

The only solution I can think of is creating a class to store this really sensitive information and adding security so it cannot be accessed from a client application (or by certain users).

I don't love this solution because it adds extra requests each time the secret key is needed, which is bad in terms of response time and request usage limits/cost.

1 Answer

0
votes

In AWS ..

You can use role-based authentication using the AWS SDK, where it gets the role of your resource (ECS, EC2) and retrieves the access and secret key from the resource registry.

This is similar to the implementation you mentioned in your post. It is quite helpful for securing your access key and secret, as you don't have to parse them or get them from ENV, which can be compromised at any time.

Also, resource-registry-based keys keep changing over time, so even if anybody gets one, they can't use it.

You can check how AWS resource/role-based authentication is implemented in the AWS SDK.
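The question's concern (one extra request every time the secret is needed) and the answer's point about keys that change over time can both be handled with an expiry-aware in-memory cache on the server side. The following is an added example, not part of the original posts and not Parse or AWS SDK code; `createSecretCache`, `fetchSecret` and the `{ value, expiresAt }` shape are assumptions made for illustration.

```javascript
// Added example: server-side cache for a secret that may rotate.
// fetchSecret is a hypothetical async loader supplied by the caller (for
// instance a privileged query on a locked-down class, or a role-credential
// lookup). It must resolve to { value: string, expiresAt: epoch ms }.
function createSecretCache(fetchSecret, { now = Date.now, refreshSkewMs = 60000 } = {}) {
  let cached = null;   // last successfully loaded secret
  let inFlight = null; // promise shared by callers while a load is running

  function get() {
    // Serve from memory while the secret is comfortably inside its lifetime.
    if (cached && now() < cached.expiresAt - refreshSkewMs) {
      return Promise.resolve(cached.value);
    }
    // Otherwise load once, even if many requests arrive at the same time.
    if (!inFlight) {
      inFlight = Promise.resolve()
        .then(() => fetchSecret())
        .then((fresh) => {
          const ok = fresh && typeof fresh.value === 'string' &&
            Number.isFinite(fresh.expiresAt);
          if (!ok) throw new Error('secret loader returned a malformed result');
          cached = fresh;
          return fresh.value;
        })
        // Fail closed: a failed load rejects instead of serving a stale key,
        // and clearing inFlight lets the next caller retry.
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  // Drop the cached value, e.g. after the upstream service rejects the key.
  function invalidate() { cached = null; }

  return { get, invalidate };
}
```

The cache lives only in the server process memory, so the secret never reaches a client, and `refreshSkewMs` makes the refresh happen before the stored expiry rather than after a request has already failed.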