I have a question regarding secure storage of API keys & secrets.
Here's my scenario:
I'm developing a program that collects/analyzes data from multiple external APIs. The data is rather sensitive, and the APIs all require a key & secret. My software will call these APIs, crunch the data returned, and store the results. I expect that I'll end up hosting this software in 'the cloud' eventually so I can have maximum up-time & scalability.
My question is what's the safest/best way to store the credentials (keys & secrets) for the external APIs that I'm calling?
Here are a few things that I've been considering, but I'm really open to anything...
You're going to end up chasing your tail on this one, purely because a server breach is game over. There are definitely steps you can take to reduce the damage a server breach can cause, but nothing foolproof.
Consider the options you've outlined:
My point is, you are focusing on the wrong part of your security. If the attacker gains access to the server, it is already game over. Focus on preventing access to your server in the first place.