upvote

points

by kstrauser6 hours ago |
comments
upvoteby nextaccountic2 hours ago|
next
[-]
> Only the app can see it, via an env var (which obviously can’t be encrypted in such a way that the app can’t see it, otherwise it’d be worthless)

Yeah, I'm very confused. It's not possible to encrypt env vars that the program needs; even if it's encrypted at rest, it needs to be decrypted anyway before starting the program. Env vars are injected as plain text. This is just how this works, nothing to do with Vercel.

This situation could some day improve with fully homomorphic encryption (so the server operates with encrypted data without ever decrypting it), but that would have very high overhead for the entire program. It's not realistic (yet)

reply
upvoteby rcxdude3 hours ago|
prev|
next
[-]
You always get people screaming about 'it should have been encrypted!' when there's a leak without understanding what encryption can and can't do in principle and in practice (it most certainly isn't a synonym for 'secure' or 'safe').
reply
upvoteby CodesInChaos3 hours ago|
parent|
next
[-]
Encryption turns your data confidentiality problem into a key management problem.
reply
upvoteby dnnddidiej2 hours ago|
parent|
[-]
Also if you want to keep a secret a secret forever, encrypted but saved data may be easily decrypted in the future. Most secrets though in reality are less useful in X years time.
reply
upvoteby lemagedurage2 hours ago|
parent|
[-]
Theoretically maybe, but there's no indication that a quantum-resistant algorithm can't encrypt something that's secure for the coming million+ years.
reply
upvoteby hilariously14 minutes ago|
parent|
[-]
Sure there is, just use a one time pad and never repeat the message.

Oops - you said the opposite of what I read, my mistake.

reply
upvoteby ErroneousBosh3 hours ago|
parent|
prev|
[-]
Whenever someone says "But it should have been encrypted!" about things like configs on a server, I ask them how they'd implement that in practice.

PoC or GTFO.

I think you'll find it's a bit harder to do than you expect.

reply
upvoteby nallerooth4 hours ago|
prev|
next
[-]
I don't know how it works on Vercel, but on other platforms it usually means that the value will be redacted in logs as well.
reply
upvoteby dnnddidiej2 hours ago|
prev|
next
[-]
Where I work we started using Vault and you store the vault key (as in looup key) in as a regular non-hidden env var. I think this is probably more solid.
reply
upvoteby skywhopper1 hours ago|
parent|
[-]
Yeah, the Vault model, where you just refer to the secret’s path (where it is hopefully also dynamically generated and revoked after use), based on short-lived OIDC-style auth, is about the safest mechanism possible for this sort of secrets management. I’ve been trying to spread this pattern everywhere I’ve worked for a decade now. But it’s a lot of work to set up and maintain.
reply
upvoteby 6 hours ago|
prev|
next
[-]
deleted
reply
upvoteby dkersten5 hours ago|
prev|
next
[-]
This is also how other cloud providers do it, eg DigitalOcean.
reply
upvoteby skywhopper1 hours ago|
prev|
[-]
But if they are readable to the “developer” then they are readable to anyone who gets access to the developer’s Vercel credentials. If Vercel provides a way to avoid that that didn’t get used, that’s the failure. Sure, you can quibble with the exact understanding of the author over whether they were “encrypted” or not. That’s not really the key factor here.
reply