I have some Node.js code in an IBM Cloud Function. I have enabled it as a web action, and the function is called via webhook from Watson Assistant.
Is it safe to have my API keys and other passwords inside the IBM Cloud Function as readable text? Or how should I refer to the keys and passwords?
Here are two excerpts as examples:
    function main(params) {
        if (params.actionJoke == 'joke') {
            const optionsDad = {
                method: "GET",
                uri: "https://dad-jokes.p.rapidapi.com/random/joke",
                json: true,
                "resolveWithFullResponse": true,
                "headers": {
                    "x-rapidapi-host": "dad-jokes.p.rapidapi.com",
                    // API key written as a literal in the action source
                    "x-rapidapi-key": "myapiCODEgoesHERE",
                    "useQueryString": true
                }
            };
        }
    }
With this first example, I was able to use params.apiKey instead of the literal key. And I defined the parameter in the left menu 'parameters'. But I don't know if this is better or worse in terms of security.
However, for my second example, this method doesn't work. Or at least I don't know how to do it semantically correctly.
    let smtpConfig = {
        host: 'mail.myz.net',
        port: 122,
        secure: false, // use TLS
        auth: {
            user: '[email protected]',
            // SMTP password written as a literal in the action source
            pass: 'mypassword'
        }
    };
question from:
https://stackoverflow.com/questions/65878187/ibm-cloud-functions-securing-api-keys-passwords-inside-functions-node-js
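An added example, not part of the original question and not IBM's code: both excerpts rebuilt so that every credential comes from `params` inside `main`, where `params` is in scope, with a fail-closed check and a redaction helper so secrets never appear in the action's response. `smtpUser` and `smtpPass` are hypothetical parameter names, assumed to be bound to the action the same way as `params.apiKey`.

```javascript
// Hypothetical bound parameter names; only apiKey appears in the question.
const SECRET_PARAMS = ['apiKey', 'smtpUser', 'smtpPass'];

// Fail closed: refuse to run if a credential is missing, and name the
// missing parameter without ever echoing a value.
function loadSecrets(params) {
  const missing = SECRET_PARAMS.filter(
    (k) => typeof params[k] !== 'string' || params[k] === '');
  if (missing.length > 0) {
    throw new Error('missing bound parameter(s): ' + missing.join(', '));
  }
  return { apiKey: params.apiKey, smtpUser: params.smtpUser, smtpPass: params.smtpPass };
}

// First excerpt from the question, with the key injected instead of a literal.
function buildJokeOptions(secrets) {
  return {
    method: 'GET',
    uri: 'https://dad-jokes.p.rapidapi.com/random/joke',
    json: true,
    resolveWithFullResponse: true,
    headers: {
      'x-rapidapi-host': 'dad-jokes.p.rapidapi.com',
      'x-rapidapi-key': secrets.apiKey,
      useQueryString: true
    }
  };
}

// Second excerpt: host, port and secure are the question's values; only the
// credentials change source.
function buildSmtpConfig(secrets) {
  return {
    host: 'mail.myz.net',
    port: 122,
    secure: false,
    auth: { user: secrets.smtpUser, pass: secrets.smtpPass }
  };
}

// Copy params with every secret masked, for anything logged or returned.
function redact(params) {
  const copy = Object.assign({}, params);
  for (const k of SECRET_PARAMS) if (k in copy) copy[k] = '***';
  return copy;
}

function main(params) {
  let secrets;
  try { secrets = loadSecrets(params); } catch (e) { return { error: e.message }; }
  const optionsDad = buildJokeOptions(secrets);   // hand to the HTTP client
  const smtpConfig = buildSmtpConfig(secrets);    // hand to the mail transport
  return { configured: Boolean(optionsDad && smtpConfig), params: redact(params) };
}
```

The source file then contains no credentials, so it can be committed or shared without exposing them; the values live only in the action's parameter bindings.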