how to protect a string (secret key) in my env file in node.js project?

I have a node.js project which implement in nest.js framework.
there is some apiKey and secretKey in my env file, I want to protect these keys from anyone, even host administrator. so I compile my entire project with pkg module to a binary… Continue reading how to protect a string (secret key) in my env file in node.js project?

I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]

TL;DR
The container’s environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a container’s image, still can dump the root(mys… Continue reading I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]

Is it risky to include .env files in the .zip which is uploaded to Elastic Beanstalk for deployment? If so, what is the risk?

Is it okay to upload .env files containing client ID and client secret to elastic beanstalk? If not, what is the risk involved? How would one access those files?

Continue reading Is it risky to include .env files in the .zip which is uploaded to Elastic Beanstalk for deployment? If so, what is the risk?

Exporting shellcode to environment variable doesn’t work as expected

(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner )
When exporting shellcode to EGG environment variable
export EGG=`python3 -c "import sys; sys…. Continue reading Exporting shellcode to environment variable doesn’t work as expected