Currently, we keep secrets, like mysql password, in our codebase in plain-text and we are planning to secure them.
From what I read, I see there are two ways to it :
- Keep the encrypted password in the code itself and key in the vault (like AWS KMS).
- Another way is to use AWS Secret manager which itself keeps the password.
What is the standard way of keeping such secrets?