As I said in https://youtu.be/j2JRBZaMDSg , .env files are dangerous and irresponsible. See the SecurityWeek article below for even more details.
This video explains how to store Cloud secrets correctly.
00:00 Intro
02:45 Threats and Posture
05:28 For smaller teams
07:04 Five Mitigation Strategies
10:53 Example Walkthrough
16:19 Wrap-up
# Links from the Video
# Zero Days, and the Economics thereof
https://www.security.land/inside-the-million-dollar-zero-day-exploit-market-what-security-teams-need-to-know/
https://www.csoonline.com/article/565704/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html
https://www.invicti.com/blog/web-security/introduction-digital-black-market-dark-web/
# Lots of people hacked due to .env files
https://www.securityweek.com/cloud-misconfigurations-expose-110000-domains-to-extortion-in-widespread-campaign/
# Alternatives to Apache/Nginx:
https://www.haproxy.org/
https://caddyserver.com/
# Cloud documentation I mentioned:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
https://cloud.google.com/security/products/secret-manager
https://learn.microsoft.com/en-us/azure/key-vault/general/overview
https://aws.amazon.com/developer/tools/
https://aws.amazon.com/blogs/security/how-to-use-policies-to-restrict-where-ec2-instance-credentials-can-be-used-from/
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html
# Primer on SSH/SCP key auth
https://bytexd.com/how-to-use-scp-to-transfer-files-with-ssh-keys-pem-file/
# The secure OpenBSD Operating System
https://www.openbsd.org/