Many app/web frameworks require the use of encryption keys/passwords, symmetric or asymmetric, in order to encrypt cookies, JWTs, and/or database encryption seed data.
These usually have to be stored and used by the framework.
Exposing them may allow an attacker to perform MitM attacks, impersonation and more.
An app or framework key is visible or hardcoded.
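One way to check a configuration file for this condition, as an added example that is not part of the original page: it flags framework key settings assigned a literal value (including commented-out ones) and skips values resolved from the environment at runtime. The setting names, the indirection patterns and the sample lines are assumptions constructed for illustration.

```python
import re

# Setting names are assumptions (common framework conventions, not from the page).
KEY_NAMES = r"(?:SECRET_KEY_BASE|SECRET_KEY|APP_KEY|JWT_SECRET|ENCRYPTION_KEY)"
# Matches NAME = value, NAME: value, "name": "value", export NAME=value,
# with an optional leading comment marker (a commented-out key is still exposed).
ASSIGN = re.compile(
    r"""^\s*(?:#|//)?\s*(?:export\s+)?["']?(?P<name>[\w.]*""" + KEY_NAMES
    + r""")["']?\s*[:=]\s*(?P<value>.+)$""", re.IGNORECASE)
# Values resolved at runtime from the environment or a template, not literals.
INDIRECT = re.compile(r"os\.environ|os\.getenv|process\.env|ENV\[|env\(|\$\{|<%=")

def redact(secret):
    """Never echo a found key into scan output; keep a short prefix and length."""
    return f"{secret[:4]}...[{len(secret)} chars]"

def find_hardcoded_keys(text, filename="<config>"):
    """Return (file, line, setting, redacted value) for each literal key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m:
            continue
        value = m.group("value").strip().rstrip(",;")
        if INDIRECT.search(value):
            continue  # a literal fallback default inside the call is not inspected
        literal = value.strip("\"'")
        if len(literal) >= 8:  # ignore empty values and short placeholders
            findings.append((filename, lineno, m.group("name"), redact(literal)))
    return findings

# Constructed sample configuration lines (not from a real project).
SAMPLE = '''\
# sample settings
DEBUG = False
SECRET_KEY = "constructed-sample-key-0001"
# JWT_SECRET = "old-constructed-jwt-key"
JWT_SECRET = os.environ["JWT_SECRET"]
APP_KEY=base64:Q29uc3RydWN0ZWRTYW1wbGU=
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
ENCRYPTION_KEY = ""
'''

if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE, "settings.sample"):
        print("%s:%d %s = %s" % finding)
```

A key flagged this way should be rotated as well as moved, since it stays readable in version-control history.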
- Use a cloud-native secret store, such as AWS Secrets Manager
- Use a dedicated vault product, such as: