将密钥推送到heroku，安全吗? [英] Pushing secret keys to heroku, safe?

问题描述

我有一个应用，其中的几个密钥存储在各种yml文件中，例如存储在amazon.yml中的aws aws键，存储在pusher.yml中的按钮键以及更多其他功能.

I have an app with several secret keys stored in various yml files e.g. amazon aws keys stored in amazon.yml, pusher keys stored in pusher.yml and plenty more for various other features.

应用程序的代码库存储在私有(收费)的GitHub存储库中，因此可以保护密钥免受公共访问.但是，我计划将其推送到heroku-我将按原样推送该应用程序.

The codebase for the app is stored in a private (paid) GitHub repository, so the keys are protected from public access. However, I'm planning on pushing to heroku - and I will be pushing the application as is.

通过这种方式公众可以访问密钥吗?或者heroku在隐藏/保护推送到heroku服务器上的GitRepo方面做得很好.

Will the keys be accessible to the public this way? Or does heroku do a good job of hiding/protecting the GitRepo that is pushed to heroku's server.

请帮我解决这个问题.

谢谢！

推荐答案

只有经过授权才能访问应用程序的人员才能访问repo和应用程序配置设置.

Both the repo and app config settings are accessible only to people who have been authorized to access the app.

这篇关于将密钥推送到heroku，安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！