Secrets (API keys, passwords, tokens, encryption keys) must be managed securely: never hardcode them in code or commit them to version control; store and access them securely instead. Poor secrets management is a common and serious cause of data breaches.
Basic principle: never hardcode or commit secrets
```text
❌ NEVER hardcode secrets in source code or commit them to Git:
→ committed secrets are in the repo HISTORY (exposed even if "removed" later)
→ public repos / leaks expose them to attackers (bots scan GitHub for keys constantly)
→ a TOP cause of breaches (leaked AWS keys, database passwords, API tokens)
⚠️ If a secret IS committed/leaked → ROTATE it immediately (it's compromised)
```
How to manage secrets properly
```text
✓ ENVIRONMENT VARIABLES → inject secrets at runtime (not in code); keep .env OUT of Git (.gitignore) — basic approach
✓ SECRETS MANAGERS → HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, etc.:
→ centralized, encrypted, access-controlled, audited, rotatable secret storage
→ the robust approach for production (fetch secrets at runtime)
✓ Cloud/platform secret stores; CI/CD secret stores (for pipeline secrets)
```
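As an added example (not part of the original notes), the Python script below shows the defensive side of both rules above: a loader that reads a secret injected at runtime through the environment with no hardcoded fallback, and a simple pre-commit style check that flags source lines embedding a secret and confirms that `.env` is covered by `.gitignore`. The detection rules, the function names and the sample source and `.gitignore` text are constructed for this example; the AWS access key ID in the sample is AWS's documented placeholder value, not a real credential.

```python
import fnmatch
import os
import re
from typing import Dict, List, Optional, Tuple


class MissingSecretError(RuntimeError):
    """Raised when a required secret was not injected into the environment."""


def load_secret(name: str, env: Optional[Dict[str, str]] = None) -> str:
    """Read a secret at runtime from the environment (or a supplied mapping).

    There is deliberately no default value: a missing secret must fail loudly
    rather than silently fall back to something baked into the code.
    """
    source = os.environ if env is None else env
    value = source.get(name)
    if not value:
        raise MissingSecretError(f"required secret {name!r} is not set")
    return value


# Constructed detection rules for a pre-commit style scan. Real scanners carry
# many more signatures; these three cover the cases the notes above mention.
SECRET_PATTERNS = {
    # AWS access key IDs have a fixed, recognisable shape.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # A secret-looking name assigned a quoted literal of 8+ characters.
    "assigned_secret": re.compile(
        r"""(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*["'][^"']{8,}["']"""
    ),
    # PEM private key material pasted into a source file.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def scan_for_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, rule_name) for each line that embeds a secret literal.

    Lines that obtain the value from the environment at runtime carry no quoted
    literal after the assignment and are therefore not flagged.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((line_no, rule))
                break  # one finding per line is enough to block the commit
    return findings


def env_file_is_ignored(gitignore: str, env_file: str = ".env") -> bool:
    """True if some non-comment rule in the .gitignore text matches env_file."""
    for raw in gitignore.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        if fnmatch.fnmatch(env_file, rule.lstrip("/")):
            return True
    return False


# Constructed sample input: a file with two hardcoded secrets ...
BAD_SOURCE = '''\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2hunter2"
client = boto3.client("s3")
'''

# ... and the same idea written correctly, reading secrets at runtime.
GOOD_SOURCE = '''\
import os
db_password = os.environ["DB_PASSWORD"]
api_key = load_secret("API_KEY")
'''

# Constructed .gitignore that keeps the local .env file out of the repository.
GITIGNORE = "# local config\n.env\n*.pem\n__pycache__/\n"


if __name__ == "__main__":
    for label, text in (("bad", BAD_SOURCE), ("good", GOOD_SOURCE)):
        print(label, scan_for_hardcoded_secrets(text))
    print(".env ignored:", env_file_is_ignored(GITIGNORE))
    print("API_KEY:", load_secret("API_KEY", {"API_KEY": "injected-at-runtime"}))
```

A check like this belongs in a pre-commit hook or CI step so that a secret is refused before it ever reaches the repository history; once a secret has been committed, the note above still applies and it must be rotated, because removing it from the current tree does not remove it from history.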
