I’m new to backend and currently don’t know the best practices for storing sensitive data safely.
I configured a node.js server with JWT. I signed the JWT with an RSA key. Each time the server receives a request it verifies the integrity of the JWT.
For now I have 2 files
public.key. The first file is used for signing the JWT and the second one is used for verifying the JWT.
So the question is:
Where should I store these keys (files)? Currently, I store them beside the project source files but do not push them to the remote source control system. Whenever I need the content of the keys I just use readFileSync, so it requires the files to be present in the project.
Do I need to encrypt these files too? or…
Do I need to push these files to a remote service and use them via HTTP? or…
Is there any service where I can put my files and use some URL to get access to them?