Security at heart

When developing software, we need to think about security from the start. It must be a core principle, whether we are developing mobile, desktop, or web applications.

Another security aspect is sharing database connection strings, API keys, and other secrets between engineers and other parties. It is common to share them through e-mail, Slack, or Microsoft Teams. I do not recommend it! Years ago, we shared secrets as password-protected ZIP files, with the password distributed over a separate channel. Nowadays, we use password managers or vaults, like KeePass, Bitwarden, HashiCorp Vault, or Azure Key Vault, to name a few.

Have you ever found a secret in a source version control system? We must avoid that because it is a bad practice. Instead, we can use vaults and provide role-based access to secrets. We can use scanning tools to detect secrets and prevent merging to protected branches.
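As an added illustration of such a merge gate (example code written for this post, not a tool the author uses), the scanner below checks only the added lines of a diff for the kinds of secrets mentioned here: connection strings with an embedded password, credentials inside a URI, labelled API keys, and unlabelled high-entropy blobs such as a pasted certificate. The patterns, the entropy threshold, and the sample diff are this example's own constructions.

```python
import math
import re
from collections import Counter

# Patterns for the kinds of secrets the post mentions: connection strings with an
# embedded password, credentials inside a URI, and labelled API keys or tokens.
PATTERNS = {
    "connection-string-password": re.compile(r"(?i)\b(password|pwd)\s*=\s*[^;\s'\"]+"),
    "uri-embedded-credentials": re.compile(r"(?i)\b[a-z][a-z0-9+.\-]*://[^:/\s]+:[^@/\s]+@"),
    "api-key-assignment": re.compile(r"(?i)(api[_-]?key|secret|token)['\"]?\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{20,}"),
}
# Fallback for unlabelled secrets: long, high-entropy blobs (e.g. a pasted base64 key).
BLOB = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")
ENTROPY_THRESHOLD = 3.5  # bits per character; identifiers and prose sit well below this

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_diff(diff_text: str):
    """Return (diff line number, finding type) for each added line that looks like a secret."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        # Only '+' lines count: removing a secret must not block the merge.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        added = line[1:]
        hit = next((name for name, pat in PATTERNS.items() if pat.search(added)), None)
        if hit is None and any(shannon_entropy(t) > ENTROPY_THRESHOLD for t in BLOB.findall(added)):
            hit = "high-entropy-string"
        if hit:
            findings.append((lineno, hit))
    return findings

# Constructed diff: a developer replaces a vault reference with real values.
SAMPLE_DIFF = """\
--- a/appsettings.json
+++ b/appsettings.json
 {
-  "ConnectionString": "${DB_CONNECTION}",
+  "ConnectionString": "Server=db.internal;Database=orders;User Id=app;Password=Hunter2Hunter2!",
+  "PaymentApiKey": "sk_live_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345",
+  "ClientCertificate": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA",
+  "LogLevel": "Information"
 }
"""
def merge_allowed(diff_text: str) -> bool:
    """What a CI gate on a protected branch would check before accepting the merge."""
    return not scan_diff(diff_text)
```

Wired into CI or a pre-receive hook, a non-empty result from `scan_diff` would fail the pipeline and block the merge until the values are moved back into the vault.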

Security is also essential when testing software in a real environment. Imagine we have an HTTP service running in the Azure cloud, and we want to run some functional tests from our machine. If our APIs use OAuth2 authorization, we need to retrieve a JWT from the identity server, which requires sensitive configuration. Additionally, some test parameters might expose delicate information, such as identifiers or other values that should remain private.

Another example is database tests, where we need connection strings, and, as with identity server settings, we don't want them flying around the internet. One can argue: "Hey, it's a test system! We do not use real data." That sounds reasonable, but if attackers access your database, they can obtain the database structure, stored procedures, or sample data. There is no argument for ignoring security in test environments. Test systems are also a good practice ground for the production environment!

At Beekn, we are using vault technologies to store any sensitive data when you are configuring a Beekn. Because a Beekn executable can be downloaded and shared, we took special care to make it as secure as possible. There are no plain text configuration files that engineers could easily share. All secrets, passwords, and certificates are packed and encrypted within the executable, which means you can easily share the Beekn with your colleagues through your existing communication channels.

In conclusion, I would like to note that we will not stop there. It's our top priority to find new ways to enhance the security of every Beekn we build and deliver.