How to secure important credentials (used in Node.js application code) in separate side utility
I have a special requirement, have gone through the site but have not found any matching my need. I want to secure:
- DB Connection Credentials
- Session Secret Key
- Security Token, Encryption/Decryption Keys
- 3rd Party API credentials
I do not want these important credentials written or visible in my Node.js application code. However, it is recommended that I store these important credentials and keys in a separate utility. I wonder where and how I should store these credentials in what way, that it returns decryption information to my Node.js application.
In my mind there are number of possible ways:
- Use any Linux utility which does required job for me, and this way I can run Linux commands directly in my Node.js application and get the output for use.
- Use any C++ program on my Linux machine that does the required job for me?
- Or could I use PHP script that hold the important credentials in encrypted format, and return me decrypted credentials when required.
- Use any 3rd party program/service on the server?
- By use Docker Container? (https://security.stackexchange.com/a/157162/137890)
- By holding credentials file in any other machine, then on Node.js application boot/start, we follow Master, client process strategy. In this strategy, mount the credentials file, read and load the credentials in memory/variables, then unmount the credentials file. And initiate the child Process that actually run our Node.js Application (which will get the connectivity credentials from Master process).
Please advise with your appropriate solutions, this is important so in case of any hack attempt my other communication servers(DB Server, API Server, etc) remain secure.
This is related to: http://cwe.mitre.org/data/definitions/259.html
But looking for a sulution in the domain/boundary of Node.js / Linux.