[Question]: How to secure keys and secrets used in Librechat Application

[geodanchev]

What is your question?

Since it's not a best practice to use env vars for keys and secrets ( see this article) is there a way to pass those settings securely ?

More Details

My organization insists of having key vaults and environment variables are easily printed out with 'exec env' command.

What is the main subject of your question?

Other

Screenshots

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[danny-avila]

it totally depends on your environment.

for example, to name a few:

    AWS Secrets Manager: A service that helps securely store and manage access to secrets needed by your applications.
    HashiCorp Vault: A robust tool for securely accessing secrets, providing dynamic secrets, and managing sensitive data.
    Azure Key Vault: Primarily for Microsoft Azure users, securely stores and manages secrets, keys, and certificates.
    Google Cloud Secret Manager: For users on Google Cloud, it stores API keys, passwords, and other sensitive data.

for local, as long as your local env is secure it's not really a concern. It's common practice to use .env for this

[geodanchev]

Thanks for the feedback.
The question is - how to set up Librechat to read those key vaults values?
In the current situation I'm using Azure Key Vault, and I have written simple python app proving that I can read the values from the virtual machine that Librechat Ubuntu Docker Deployment is working. So now I'm ready just to pass that values securely to the docker containers and remove them from the .env files.

[InAnYan]

I'm also interested in this feature.

For example, many desktop applications use FreeDesktop Secrets (Keyring). Maybe because LibreChat is not a desktop application, secrets management could be troubling