LUCIT-Systems-and-Development / unicorn-binance-websocket-api

A Python SDK by LUCIT to use the Binance Websocket APIs (com+testnet, com-margin+testnet, com-isolated_margin+testnet, com-futures+testnet, com-coin_futures, us, tr, dex/chain+testnet) in a simple, fast, flexible, robust and fully-featured way.
https://unicorn-binance-websocket-api.docs.lucit.tech/

GUIDANCE ON SAFELY STORING CREDENTIALS AND SECRETS ON SERVER #149

Closed Kylematt1992 closed 3 years ago

Kylematt1992 commented 3 years ago

Hello, first of all a very loud shout out to the maker of this program and all those who contributed to it. Thank you. Could you please provide guidance on how to run a bot on a server 24/7 safely with our API secrets and our strategies (although mine is simple RSI, but I am sure there are many who have great strategies), if possible? I came across that API keys and secrets should not be stored in environment variables. Please guide on that too. Also, should we host our bot as an app in a containerised Docker setup, or should we select a proper, complete full instance? Thank you...

oliver-zehentleitner commented 3 years ago

If this should start automatically after a reboot, then I like using config files and adding the keys to them with chmod 400. If you want max security, you should use a dedicated user for your script/program/bot and make this user own the config file.

If you are fine with manually starting the bot after a reboot, then you can provide the API keys via command line parameters. In this case, take care not to save the bash history.

If you have a lot of keys, you can create a LUKS container and store the secrets in it. After a reboot, decrypt the container, mount it and use the keys.
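
An added example, not part of the original thread and not the project's own code: one way to enforce the config-file approach described above is to have the bot refuse to start when the secrets file is not owned by its own user or is accessible to group/other. The file name `bot.ini`, the `[binance]` section and its key names are assumptions, and the sample values are constructed placeholders.

```python
import configparser
import os
import stat
import tempfile


class InsecureConfigError(PermissionError):
    """Raised when the secrets file is accessible to anyone but its owner."""


def load_api_credentials(path):
    """Return (api_key, api_secret) from an INI file after checking owner and mode."""
    # Open first, then fstat the descriptor, so the checks apply to the file actually read.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise InsecureConfigError(f"{path}: not a regular file")
        if info.st_uid != os.geteuid():
            raise InsecureConfigError(f"{path}: not owned by the bot's user")
        # Any group/other bit means another account can read or alter the keys.
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise InsecureConfigError(f"{path}: mode {mode:o} is too open, use chmod 400")
        # interpolation=None so a '%' inside a secret is read literally.
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(handle)
    section = parser["binance"]  # assumed section name
    return section["api_key"], section["api_secret"]


def write_sample_config(directory, mode):
    """Create a constructed sample config with placeholder values and the given mode."""
    path = os.path.join(directory, "bot.ini")
    with open(path, "w", encoding="utf-8") as handle:
        handle.write("[binance]\napi_key = EXAMPLE_KEY\napi_secret = EXAMPLE_SECRET\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = write_sample_config(tmp, 0o400)
        print("loaded key:", load_api_credentials(path)[0])
        os.chmod(path, 0o644)
        try:
            load_api_credentials(path)
        except InsecureConfigError as err:
            print("refused:", err)
```

The check assumes a POSIX system; it accepts owner-only modes such as 400 or 600 and rejects anything with group or other bits set.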