Example: I have an application that needs to access an API providing an authentication token:
myApi = MyApi(token=my_private_sensible_token)
I want to avoid having that private token in a configuration file that is part of the project.
One solution that comes to mind is to isolate interaction with this service in a separate proxy application that is maintained by a restricted number of authorised people. App Engine allows handlers to be protected with authentication, and I could easily, in the proxy, allow only calls coming from an authorised App Engine consumer application.
The different solutions I can think of all, at a certain point, make this private token available in the consumer application's memory; this could allow a malicious user (who maintains the consumer) to write a handler that prints out this secret token that the application has retrieved in some fancy way.
Do you have better suggestions?
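The proxy idea described in the question, sketched as an added example that is not part of the original post: the proxy holds the token, admits only an allowlisted consumer app, and returns results without the token. It assumes the consumer calls the proxy through App Engine's URL Fetch service, which sets the `X-Appengine-Inbound-Appid` header on app-to-app requests and strips it from external ones; the app ID, operation names, environment variable and `fake_upstream` are hypothetical, and the operation allowlist and response scrubbing go beyond what the question describes.

```python
import os

INBOUND_APPID_HEADER = "x-appengine-inbound-appid"
ALLOWED_CONSUMER_APP_IDS = {"consumer-app"}      # hypothetical app ID
ALLOWED_METHODS = {"get_report", "list_items"}   # hypothetical API operations
TOKEN_ENV_VAR = "MY_API_TOKEN"                   # hypothetical; set only on the proxy


def is_authorised_consumer(headers):
    """Check the caller's app ID as asserted by the platform-set header."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(INBOUND_APPID_HEADER) in ALLOWED_CONSUMER_APP_IDS


def scrub(value, token):
    """Remove the token from any string nested in an upstream response."""
    if isinstance(value, str):
        return value.replace(token, "[redacted]")
    if isinstance(value, dict):
        return {k: scrub(v, token) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, token) for v in value]
    return value


def proxy_call(headers, method, params, upstream):
    """Perform one upstream call on behalf of an authorised consumer.

    upstream(token, method, params) stands in for the MyApi client.
    Returns (http_status, body); the token is never part of the body.
    """
    if not is_authorised_consumer(headers):
        return 403, {"error": "caller not authorised"}
    if method not in ALLOWED_METHODS:
        # Only named operations are exposed, so the consumer cannot ask the
        # proxy to do arbitrary things with the credential.
        return 400, {"error": "operation not exposed by proxy"}
    token = os.environ.get(TOKEN_ENV_VAR)
    if not token:
        return 500, {"error": "proxy not configured"}
    return 200, scrub(upstream(token, method, params), token)


def fake_upstream(token, method, params):
    """Constructed stand-in for the real API; echoes the token to show scrub."""
    return {"method": method, "debug": "auth=" + token, "items": [params]}
```

With this split, the consumer's maintainers can still invoke the exposed operations, but no handler they write can read the token itself.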
Another possible approach is to have 2 copies of the app (actually 2 different apps which happen to have the same code), each with their own app_ID, config file(s), etc:
Such a setup can offer additional benefits besides just restricting access to production credentials, for example: