jacobobryant / biff

A Clojure web framework for solo developers.
https://biffweb.com
MIT License
870 stars 40 forks

Security audit #72

Closed jacobobryant closed 3 years ago

jacobobryant commented 3 years ago

It'd be nice to have a security specialist look through some of the code, or at least read a document that describes the security-relevant parts of Biff. Currently I think the weakest thing is secrets management: they're stored in a plain text file on the server and passed around freely in memory. It'd probably be better to use Vault (https://github.com/jacobobryant/biff/issues/51).

At the moment I think Biff's security is good enough for side projects, and obviously I use Biff in production for my startup.
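The two weaknesses named in the comment above (a plain-text secrets file, and secret values passed around freely in memory) can be narrowed considerably without Vault. The following is an added example written for this page, not Biff's own code: it refuses to load a secrets file that group or other users can read, and wraps each value in a type whose printed form is redacted, so a secret that lands in a log line, an `ex-info` message or REPL output does not leak. The namespace name, the `Secret` type, `reveal`, `load-secrets` and the file `secrets.edn` (assumed to hold an EDN map such as `{:stripe/api-key "example-value"}`) are all assumptions for the example.

```clojure
(ns example.secrets
  (:require [clojure.edn :as edn])
  (:import [java.nio.file Files LinkOption Paths]
           [java.nio.file.attribute PosixFilePermission]))

;; Wrapper for a secret value. Its printed forms never include the value,
;; so logging or pr-str'ing a config map cannot disclose it by accident.
(deftype Secret [value]
  Object
  (toString [_] "<redacted>"))

(defmethod print-method Secret [_ ^java.io.Writer w]
  (.write w "#secret <redacted>"))

(defn reveal
  "Explicitly unwrap a Secret. Call this only at the single site that needs
   the raw value (e.g. when building an HTTP client), never when logging."
  [^Secret s]
  (.-value s))

(def ^:private non-owner-permissions
  #{PosixFilePermission/GROUP_READ  PosixFilePermission/GROUP_WRITE  PosixFilePermission/GROUP_EXECUTE
    PosixFilePermission/OTHERS_READ PosixFilePermission/OTHERS_WRITE PosixFilePermission/OTHERS_EXECUTE})

(defn readable-by-others?
  "True if the file's POSIX mode grants any access to group or other users,
   i.e. it is looser than 0600."
  [path]
  (let [p     (Paths/get path (into-array String []))
        perms (Files/getPosixFilePermissions p (into-array LinkOption []))]
    (boolean (some non-owner-permissions perms))))

(defn load-secrets
  "Read an EDN map of secrets from `path`. Refuses a file that other users
   can read, and wraps every value as a Secret. The ex-info data carries only
   the path, never file contents."
  [path]
  (when (readable-by-others? path)
    (throw (ex-info "secrets file must be readable by its owner only (chmod 600)"
                    {:path path})))
  (into {}
        (map (fn [[k v]] [k (->Secret v)]))
        (edn/read-string (slurp path))))

(comment
  ;; Assumed file secrets.edn, mode 0600, containing {:stripe/api-key "example-value"}
  (def secrets (load-secrets "secrets.edn"))
  (str (:stripe/api-key secrets))     ; "<redacted>"
  (pr-str secrets)                    ; "{:stripe/api-key #secret <redacted>}"
  (reveal (:stripe/api-key secrets))) ; "example-value", only where it is needed
```

The wrapper only prevents accidental disclosure through printing; the raw value still lives in the JVM heap as an immutable String that cannot be zeroed, so a memory dump or a debugger still sees it. That residual exposure is what a secrets manager or OS-level isolation addresses, not this code.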

jacobobryant commented 3 years ago

Closing as "eh it's probably good enough". Vault would be overkill. And in general, we're doing pretty standard stuff.