#Dylan Nirvana-keys


obtuse bough
#

Hi 👋 the environment that you're working in is dictated by the API key that you use. After the pk_ or sk_ (publishable vs secret) prefix the environment will be represented by test_ or live_.

For example, a test secret key would start with sk_test_.

#

When you ask where to safely keep secret variables, can you expand on that?

odd lava
#

ssh's. What I've been asked to do is make basic security recommendations on e-commerce applications, mostly architectural best practices on where to store envs / keys.

#

I hope that made sense

obtuse bough
#

It does, but with the number of integration paths that are available for Stripe it's a really broad question that is hard to answer.

odd lava
#

Makes sense. Is there a doc that addresses this? 💂‍♂️

obtuse bough
#

Not really, because that is primarily driven by the environment that a user decides to work in, and has little to do with the actual Stripe integration. For instance, where you store secrets for a C#/.NET backend running on a Windows server, is likely going to be pretty different from where you should store keys when using a serverless infrastructure like AWS Lambda.

odd lava
#

Oh, I see. So Azure for example, has its own opinion on where to store things.

cyan scarab
#

Yea, it's normal for different hosting providers to offer UIs for storing secrets that will be loaded as environment variables etc.

#

You should follow the guidance for the platform you use and adhere to industry best practices that meet the requirements of your organization's security policies.