Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice
  3. Dismiss Notice

Question Where should server side secrets live?

Discussion in 'Authentication' started by jackward84, Jun 21, 2023.

  1. jackward84

    jackward84

    Joined:
    Jan 26, 2017
    Posts:
    87
    Say I have a firestore key or an api key that I need to use to connect to some third party, and I want to import that in my allocated servers through something like an environment variable, how can I do that while keeping the value safe (ie: put into the environment at run time and not visible by anyone)?
     
  2. jackward84

    jackward84

    Joined:
    Jan 26, 2017
    Posts:
    87
    Don't know if it's the right answer, but I stored it in the build config variables. The secret is in plain sight for anyone who has access to the project, but I don't know of any other way to do this outside of using something like a docker build, but even then it's basically in plain sight for anyone who has access to the image.