App/framework keys or passwords are visible/hardcoded
Many app/web frameworks require encryption keys or passwords, symmetric or asymmetric, in order to encrypt cookies, JWTs, and/or database encryption seed data.
These usually have to be stored somewhere the framework can read them at runtime.
Exposing them risks an attacker being able to perform MitM attacks, impersonation and more.
Problem
An app or framework key is visible or hardcoded.
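The problem and its fix side by side, as an added example that is not part of the original page: a constructed source line with a committed session-signing key, a check that flags such literals before they are committed, and a loader that takes the key from the environment (where a secret store or deployment tooling is assumed to inject it as APP_SECRET_KEY) and fails closed on missing, placeholder or short values. The variable and function names are assumptions for illustration.

```python
"""Hardcoded framework key (vulnerable) beside a fail-closed loader (fixed)."""
import hmac
import os
import re

# Constructed example of the vulnerable pattern: a cookie-signing key in source.
VULNERABLE_SOURCE = 'SECRET_KEY = "s3cr3t-hardcoded-key-do-not-commit"\n'

MIN_KEY_BYTES = 32  # assumption: at least 256 bits for an HMAC key

# Values that indicate a placeholder was deployed instead of a real secret.
_PLACEHOLDERS = {"", "changeme", "secret", "password", "replace-me"}

# Assignments of a long string literal to a secret-looking name.
_HARDCODED = re.compile(
    r'(?i)\b(secret|password|api_key|token)\w*\s*=\s*["\'][^"\']{8,}["\']'
)


def find_hardcoded_secrets(source):
    """Pre-commit style check: 1-based line numbers that look like literal secrets."""
    return [i for i, line in enumerate(source.splitlines(), 1) if _HARDCODED.search(line)]


def load_signing_key(env=None, name="APP_SECRET_KEY"):
    """Return the key bytes only if the secret is present and usable; otherwise raise.

    `env` defaults to os.environ; a dict can be passed for testing.
    """
    env = os.environ if env is None else env
    value = env.get(name)
    if value is None:
        raise RuntimeError(f"{name} is not set; provision it from the secret store")
    if value.strip().lower() in _PLACEHOLDERS:
        raise RuntimeError(f"{name} holds a placeholder value")
    key = value.encode()
    if len(key) < MIN_KEY_BYTES:
        raise RuntimeError(f"{name} is shorter than {MIN_KEY_BYTES} bytes")
    return key


def sign_cookie(key, payload):
    """Sign a cookie payload with HMAC-SHA256 using the loaded key (hex digest)."""
    return hmac.new(key, payload.encode(), "sha256").hexdigest()


if __name__ == "__main__":
    print("hardcoded secret on lines:", find_hardcoded_secrets(VULNERABLE_SOURCE))
    key = load_signing_key({"APP_SECRET_KEY": "x" * MIN_KEY_BYTES})  # constructed
    print(sign_cookie(key, "user=alice"))
```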
Fix
Infrastructure
- Use a cloud-native secret store, such as AWS Secrets Manager
- Use a dedicated vault product, such as:
Architecture
See