Comment by apgwoz

8 hours ago

You’re thinking too much. When you run the app, the system decrypts the secrets and makes them available as env vars (or some other mechanism).

In an admin ui, you list the names of secrets only, and provide a “reveal” or a “replace” on each one. They are never decrypted unless explicitly asked for.

Is this perfect? Absolutely not. The key is controlled by the company, but it can be derived in a manner that doesn’t allow for the dump of everything if it’s leaked.

2 comments

apgwoz

Reply
kstrauser  6 hours ago

My understanding is this is exactly how Vercel works. The users hadn’t checked the “don’t ever reveal, even to me” box next to the sensitive values. If they had, the attacker would only have been able to see the names of the variables and not their values.

  • apgwoz  5 hours ago

    Ah. The article has since been updated to point out that it’s not plaintext, but encrypted at rest (which would be expected). OK.