catchy_name@feddit.ittoLinux@lemmy.ml•Isn't it weird that we put credentials in the environment?English
61·
1 year agoCyberArk is a commercial product that attacks this problem space. It puts an agent process on the host next to your app. Only processes whose fingerprint matches those authorized to access a credential are allowed to fetch it. That fingerprint can be based on the host (known list of production hosts), the os user ID that owns the pid, the path to the executable for the pid, and probably a few more items.
Under that model your app just needs to know the environment that it wants (inject however you want) and the userid it wants to use. At runtime it reaches out to the local cyberark agent to obtain the password secret.
A key thing about the API is that moderating gets harder when the apps that moderators use to streamline/facilitate their work suddenly stopped working. Those apps relied on the Reddit API. These were created by and for the moderator community out of necessity.
Moderators had asked Reddit for tools and when Reddit didn’t provide they built their own. Then Reddit switched off the API without offering replacement tools.
That’s likely the primary reason that Reddit’s mods left and its content took a nosedive.