How do you send an SMS when users click a button?
Orchestrating 3rd party services is where cloud functions shine. The perfect environment for glue code.
Isolated code that does one thing with no cruft. Runs on-demand, consumes no resources when not in use, scales near infinitely. Perfection.
What is a secret
A secret is any piece of information you can't share. Any key with access to a special resource. Passwords and API tokens, for example.
You can add semi-secret configuration variables. URLs for parts of your system, ports of a database server, kinda-hardcoded data, etc.
How secretive you have to be depends on context.
Configuration variables are okay to leak, if the system is otherwise secure. But they can give an attacker information about your system.
Production passwords for sensitive health information ... you don't even want your engineers to know those. Especially not former engineers.
3 ways to handle secrets
There are 3 ways to handle secrets. From least to most secure.
- Hardcoded values
- Dotenv files
- Secrets manager
Each method comes with different pros and cons. Pros in terms of security, cons in how cumbersome to use.