Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0

Is it safe to store sensitive data in environment variables? (e.g. apiKey) #2145

Open kaaj opened 4 years ago

kaaj commented 4 years ago

In our system there is a custom authentication method which is similar to Amazon’s AWS4 authentication but not the same. That is why we would like to create a plugin which will be able to do the authentication process, providing sensitive data through the environment variables. As we see, the environment variables are stored in the insomnia.Environment.db file on the filesystem without any encryption. Is it safe enough, or is there a safer way to set and store, for example, an apiKey inside Insomnia?

I've only found an example where the documentation recommends using environment variables for apiKey. https://support.insomnia.rest/article/18-environment-variables

Thank you for your answers in advance.

nijikokun commented 4 years ago

It's as safe as the place you store them, since there is no encryption. If you are using teams, there is end-to-end encryption to ensure safety, and should you export them, I'd advise storing them in a private repository.

We have recently discussed the possibility of encrypting variables in the environment.

develohpanda commented 3 years ago

There is also an approach using .env files outlined in this blog post through which you can keep sensitive information entirely out of the application.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.