While writing a gem today to manage creating encrypted JWTs (JWE) with managed encryption keys and secure-by-default options, I was contemplating different ways of managing loading keys. Because I personally store my keys in application.credentials, my brain immediately jumped to importing through credentials by a preset default prefix key. When I was about to implement the function I wanted to use to do so, I immediately realized just how much access is available to credentials once loaded. I could get access to anyone’s credentials simply by checking that Rails is defined in the gem, from anywhere, with no security checks in place to restrict those credentials to application code.
What do we do to ensure credentials are ONLY accessed by code that we write?