Hacker News

Until when? Secrets in applications in many cases (I would probably wager the majority of the cases) are only useful if they're in plaintext at some point, for example if you're constructing an HTTP client or authenticating to some other remote system.

As far as high-level language constructs go, there were similarish things like SecureString (in .NET) or GuardedString (in Java), although as best as I can tell they're relatively unused mostly because the ergonomics around them make them pretty annoying to use.



Just seeing this now.

The thinking was to minimize the places where a secret could leak. So with an HTTP client, I would think at the lowest layer possible.

I don't think of it as a way to eliminate secrets leaking. More so reducing the surface area of accidental leaks.
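
The trade-off discussed in the two comments above, as an added Python example that is not part of either comment: a wrapper type redacts itself on the usual accidental leak paths (string formatting, container repr, JSON, pickle) and hands out plaintext only at the layer that builds the HTTP header. The names `Secret`, `expose`, `auth_headers` and `accidental_leak_attempts` are hypothetical, and the token is a constructed value.

```python
import json
import pickle


class Secret:
    """Wrapper that keeps a secret out of str(), repr(), JSON and pickle."""

    __slots__ = ("_value",)

    def __init__(self, value: str):
        self._value = value

    def __repr__(self) -> str:
        return "Secret(<redacted>)"

    __str__ = __repr__

    def __format__(self, spec: str) -> str:
        return repr(self)  # f-strings and str.format() go through here

    def __reduce__(self):
        raise TypeError("Secret cannot be pickled")

    def expose(self) -> str:
        """The single, greppable place where plaintext leaves the wrapper."""
        return self._value


def auth_headers(token: Secret) -> dict:
    # Lowest layer: from here on the value is plaintext in the header dict,
    # so the wrapper narrows the leak surface but does not remove it.
    return {"Authorization": "Bearer " + token.expose()}


def accidental_leak_attempts(token: Secret) -> dict:
    """Run common accidental leak paths and return what each would emit."""
    results = {
        "fstring": f"calling API with {token}",
        "percent_log": "token=%s" % token,
        "repr_in_container": repr({"cfg": token}),
    }
    for name, dump in (("json", json.dumps), ("pickle", pickle.dumps)):
        try:
            dump({"token": token})
            results[name] = "serialized"
        except TypeError as exc:
            results[name] = "blocked: " + type(exc).__name__
    return results


SAMPLE = Secret("constructed-example-token")  # constructed, not a real credential
```

Anything that receives the return value of `auth_headers` (debug logging of request headers, exception traces that include locals) sits outside the wrapper's protection.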



