14 lines
951 B
Plaintext
14 lines
951 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
Only administrators should have access to the IBM API keys used by your application.
|
|
|
|
As a consequence, IBM API keys should not be stored along with the application code as they could be disclosed to a large audience or could be made public.
|
|
|
|
IBM API keys should be stored outside of the code in a file that is never committed to your application code repository.
|
|
|
|
If possible, a better alternative is to use your cloud provider's service for managing secrets. On IBM Cloud this service is called https://www.ibm.com/cloud/secrets-manager[Secrets Manager].
|
|
|
|
When credentials are disclosed in the application code, consider them as compromised and revoke them immediately.
|
|
|
|
In addition to secure storage, it's important to apply https://www.ibm.com/docs/it/db2oc?topic=management-identity-access-iam-cloud[restrictions] to API keys in order to mitigate the impacts when they are discovered by malicious actors.
|