I accidentally committed my cloudbees api keys within a file in my project. Therefore, I would like to change them. Is it possible? How?
open a support request at support#cloudbees.com
Related
I'm currently working on a bot for some anarchy servers, and it's a lot more reliable for it to read the log than just plain chat. I need a way to access that, but I don't know how. Is there even a way to do this without admin access?
No there is actually no way to view this. Because it's a file located on the server you can only view it if you have (direct) file access to the server. The only way to get the latest.log file is to contact the server owner, but I think that no server owner of e.g Hypixel will give you this log file.
You can make a Minecraft plugin in Java that acts as an API server, you can then make it read the file and return it. Of course, you would want to protect it with some type of authorization. You can use an HTTP server, an example would be this, it allows commands to be executed but you could easily work off that.
As MCTzOCK mentioned you can't view it without asking for permission from the server owner.
I read the documentation on Vue CLI and I wanted to make sure if I understand it correctly.
The documentation says,
Note that only NODE_ENV, BASE_URL, and variables that start with VUE_APP_ will be statically embedded into the client bundle with webpack.DefinePlugin. It is to avoid accidentally exposing a private key on the machine that could have the same name.
So does that mean I should store my private key without the prefix VUE_APP? For example,
VUE_APP_NOT_SECRET_KEY=not_secret_key
SECRET_KEY=secret_key
Is it correct way to store my secret key?
You can store your key either in VUE_APP_NOT_SECRET_KEY=not_secret_key or SECRET_KEY=secret_key, there is no difference from security point of view, any one with a minimal front end skill get read this values from the browser.
The only difference is that if you use the VUE_APP_* prefix your variable will be in the process.env, and will be replaced by Vue in compile time using the DefinePluing.
cli.vuejs.org/guide/mode-and-env.html#environment-variables –
NOTE WELL: Anything you store in the Vue app is not secret.
You can create a .env file in the root of the project, next to package.json
In that file, you can create your environment variables as
VUE_APP_SOME_KEY="someValue"
Make sure the name starts with VUE_APP_
Then where ever you want to use it you can do
process.env.VUE_APP_SOME_KEY
Also don't forget to add .env file to .gitignore
Keys should not be stored in environment variables as they will be accessible on the client
You should be using a product like Key Vault from Microsoft. Key Vault is part of Azure services.
Best practice in the industry is to store your secrets on another server.
Microsoft provides such a way through key vault and can be easily implemented.
There are other products out there. See the azure keyvault competitor's list
Edit : I also forgot to mention, you cannot at this time use KeyVault per example directly on frontend app (single page app). You need to split the backend and frontend for it to work, otherwise you will not be able to hit the keyvault client.
I have a react-native app that communicates with a server that makes calls to stripe for payment processing/customer creation. I want to ensure that requests are coming only from my app. so i figured i could create a token of sorts on the client, and encrypt it with a special key using b-crypt, then on the server side when the request comes in with the encrypted token as a parameter, i can decrypt that token with the same special key.
i understand the optimal place to store this key is in the env variables server-side, but how do you manage security of a secret key client-side in a react-native app?
There are several ways to store keys on the client side.
The easiest way is to use the Async storage which stores data in a key value pair.
The problem with Async storage is that its nor encrypted so it wont suit your requirement.
The other option is to use the react-native-keychain library which stores the passwords or keys in the securely in the keychain of IOS and keystore in Android. The security part will be managed by the operating system. So this is an approach that can be recommended for your requirement.
There are multiple ways to do this, these are just two options.
After further research, I ended up revoking the accepted status of #GuruparanGiritharan. his solution (react-native-keychain) dealt with storing passwords in an OS's keychain implementation. this ended up not being the solution for my question. as my question deals with storing secrets keys in a way they wouldn't be visible in binary, de-compiling situation.
What I did was research key management services. I found this:
Handling secrets with dotenv
In Node.js secrets are usually loaded from env files using the dotenv
module. This is done in order to separate the secrets from source
code. For example an env file might look like this (reference below):
DB_HOST=localhost
DB_USER=root
DB_PASS=s1mpl3
Now doing this in a context (potentially development) where you dont need to implement continuous integration, it's referred to a "manual provisioning"
My issue (admittedly, I did not specify a production environment in my question) is when it comes to a production environment, in my case, with visual studio app center (a CI option for React-Native apps)
Continuing on this site for an option for key management services:
While this removes hardcoded secrets from source code, it doesn’t
solve your problem completely; Now you need to find a way to provision
your app with the .env file.
This guide will show how you can remove the secrets from the .env file
altogether, so that it can be safely checked into source control and
shipped with your application.
This guide is discussing how to implement key management in the context of a production environment with continuous integration. This approach is relatively simple and straightforward, as all you need to do is create an .env file, add the keys with a variable, and add (in this tool's case) an additional run script to your main node.js start script.
Tool mentioned: SecretHub
https://secrethub.io/docs/guides/nodejs/
I'm working in a project in which I need to record files information in the database whenever a file is added or modified so they remain synchronized. Those files are suposed to be stored in a Nextcloud server so, does Nextcloud have a way to notificate those changes (e.g. a webhook)? If it doesn't, could I achieve something similar using the webdav protocol?
Yes, there is a hook mechanism, see postCreate (\OCP\Files\Node $node) on https://docs.nextcloud.com/server/12/developer_manual/app/hooks.html
I'm using subversion to develop a website with a designer and I'm using a remote server to the Subversion database storage.
Now I need to make visible on the Apache(same machine that Subversion server) all the changes/commits that we make to the repository.
This is possible to do?
I have searched inside the repository files but nothing looks like the name of the files of the project(PHP Project).
Can someone give me a clue on how can I make visible the changes to the repository in a website? Is there a way to connect the changes that I do the the repository to the website?
Best Regards,
Assuming you can already browse the repository using HTTP, simply add something like Repos Style for a nice layout and folder/file history features.
You could shell out to svnadmin.