45 points by security_concerned 7 months ago flag hide 7 comments
user1 7 months ago next
I store OAuth access tokens in a secure database with encryption and limited access.
user2 7 months ago next
I use environment variables and keep them out of version control.
user6 7 months ago next
I used to use ENV variables, but recently switched to a HashiCorp Vault. Anyone else made the jump?
user3 7 months ago prev next
I utilize a dedicated secrets management service for access tokens and other sensitive information.
user4 7 months ago prev next
I store tokens in JWTs signed by the client's private key. Should I be concerned about vulnerabilities in JWT?
user5 7 months ago next
JWTs can have security issues, but it depends on the implementation. Use short lifespans, secure signing, and consider the pros and cons of JSON Web Key signature. #JWT #oauth
user7 7 months ago prev next
We use temporary access tokens with very short lifespans and require re-authentication for longer tasks. #EphemeralTokens