Secrets Management
At viaSocket, we follow a secure and centralized approach to managing secrets such as authentication tokens, API keys, passwords, and certificates. Our key practices include:
Cloud-Native Secrets Management: All secrets are stored and managed using Google Cloud Secret Manager. This ensures secrets are encrypted at rest and access is tightly controlled via IAM policies.
Environment Separation: Secrets are scoped by environment (testing vs. production), and access is restricted based on least privilege. Production secrets are never accessible from development environments.
No Local Storage: Secrets are never stored in source code or on local machines. Developers access services using temporary or environment-scoped credentials when necessary.
Access Control: Access to secrets is role-based and limited to authorized team members and services. This is enforced through GCP’s Identity and Access Management (IAM) system.
Secret Injection at Runtime: Secrets are injected into containers securely at runtime via environment variables or mounted volumes. They are never written to disk in plaintext.
Audit & Rotation: Access to secrets is logged and monitored. We regularly rotate sensitive credentials, especially API keys and tokens, following best practices and compliance requirements.
This approach minimizes exposure, enforces control, and ensures secure handling of all sensitive credentials across our infrastructure.
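The environment-separation and runtime-injection practices above, shown as an added Python illustration (not viaSocket's own code). Assumed: one GCP project per environment, secrets reach the container either as an environment variable or as a file on a mounted volume, and the mount path, variable naming and project ids are placeholders.

```python
"""Runtime secret loading for a container; illustration only, not viaSocket code."""
import os
from pathlib import Path
from typing import Mapping, Optional

# Assumed: one project per environment, so a production resource name can never
# be formed by code running with the testing environment selected.
PROJECTS = {"testing": "example-testing", "production": "example-production"}


def secret_resource_name(environment: str, secret_id: str, version: str = "latest") -> str:
    """Secret Manager resource name scoped to the given environment."""
    if environment not in PROJECTS:
        raise ValueError(f"unknown environment: {environment}")
    return f"projects/{PROJECTS[environment]}/secrets/{secret_id}/versions/{version}"


class Secret:
    """Wraps a secret value; repr/str are redacted so it is never logged in plaintext."""
    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret(<redacted>)"

    __str__ = __repr__


def load_injected_secret(secret_id: str, env: Optional[Mapping[str, str]] = None,
                         mount_dir: str = "/var/run/secrets") -> Secret:
    """Read a secret the platform injected at runtime: environment variable first,
    then a file on the mounted secrets volume. Nothing is written back to disk."""
    env = os.environ if env is None else env
    var = secret_id.upper().replace("-", "_")          # db-password -> DB_PASSWORD
    if env.get(var):
        return Secret(env[var])
    path = Path(mount_dir) / secret_id                   # assumed mount layout
    if path.is_file():
        return Secret(path.read_text(encoding="utf-8").rstrip("\n"))
    raise LookupError(f"secret {secret_id!r} was not injected (checked {var} and {path})")
```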