12 lines
736 B
Plaintext
12 lines
736 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
Only administrators should have access to the service account key used by your application.
|
|
|
|
As a consequence, service account keys should not be stored along with the application code as they would grant special privileges to anyone who has access to the application source code.
|
|
|
|
Keys should be stored outside of the code in a file that is never committed to your application code repository.
|
|
|
|
If possible, a better alternative is to use your cloud provider's service for managing secrets. On Google Cloud this service is called https://cloud.google.com/secret-manager[Secret Manager].
|
|
|
|
When keys are disclosed in the application code, consider them as compromised and revoke them immediately.
|