Home Community User Groups Special Interest Groups Test System Security Forum Topic

Test System Security

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Managing Secrets in LabVIEW

Managing Secrets in LabVIEW

‎07-07-2023 12:18 PM

This is a random question that I feel like I should know the answer to, but I googled it and couldn't find anything...

 

What are the best practices around managing secrets in LabVIEW? I'm talking things like API keys for GitLab, Firebase, AWS, etc?

 

Typically using Python on Linux I would hide it in a dotfile and set appropriate permissions. What is the equivalent on Windows? 

 

Sam Taggart
CLA, CPI, CTD, LabVIEW Champion
DQMH Trusted Advisor
Read about my thoughts on Software Development at sasworkshops.com/blog
GCentral
0 Kudos
Message 1 of 2
(182 Views)
Reply

Re: Managing Secrets in LabVIEW

‎07-12-2023 08:27 AM

Are these API secrets built into your application/code? Or is this for running in the development environment?

 

Best practice is to use a Key/Credential store and retrieve the key - e.g. AWS Key Management Service / Hashicorp Vault to retrieve the keys at run time or build of the code/application. Most CI/CD tools also have some sort of key/credential storage. I believe in larger/enterprise systems, a hardware security module (HSM) can be used.

 

The store handles the secure storage of the key itself, authenticates/authorises requests for the key and provides auditing of any access.

 

The main part is that they shouldn't be stored in source code!

LabVIEW Champion, CLA, CLED, CTD
(blog)
Message 2 of 2
(180 Views)
Reply