Review possible security implementations for encryption of Keys for the front end.
Possible Resolutions:
Serverless Functions:
*Serverless Functions as a backend proxy (AWS Lambda) [Since Code Platoon alreadu utilizes a lot of Amazon configs]
-Acts as a proxy between your React app and the services being accessed. The API key is stored securely in the environment variables of the serverless function. Your React app makes requests to your serverless function, which then adds the API key to the requests to the third-party service and returns the data to your frontend. This keeps the API key hidden from the client-side.
-Supports environment variables and can also integrate with AWS Secrets Manager or AWS Parameter Store for even more secure storage.
API Gateway:
Use an API Gateway (like AWS API Gateway) to manage and proxy API requests. The gateway can inject API keys or other authentication information into requests to backend services securely and transparently. This method also allows you to centralize request validation, throttling, and other API management features.
Secure Storage Services:
Utilize services like AWS Secrets Manager or Azure Key Vault to manage and access secrets. These tools offer built-in security for handling sensitive information. Your serverless functions can retrieve API keys on demand from these services and use them to make secure API requests.
*Possibly something with Github if there's a solution, etc.
Review possible security implementations for encryption of Keys for the front end.
Serverless Functions:
*Serverless Functions as a backend proxy (AWS Lambda) [Since Code Platoon alreadu utilizes a lot of Amazon configs]
-Acts as a proxy between your React app and the services being accessed. The API key is stored securely in the environment variables of the serverless function. Your React app makes requests to your serverless function, which then adds the API key to the requests to the third-party service and returns the data to your frontend. This keeps the API key hidden from the client-side.
-Supports environment variables and can also integrate with AWS Secrets Manager or AWS Parameter Store for even more secure storage.
API Gateway:
Use an API Gateway (like AWS API Gateway) to manage and proxy API requests. The gateway can inject API keys or other authentication information into requests to backend services securely and transparently. This method also allows you to centralize request validation, throttling, and other API management features.
Secure Storage Services:
Utilize services like AWS Secrets Manager or Azure Key Vault to manage and access secrets. These tools offer built-in security for handling sensitive information. Your serverless functions can retrieve API keys on demand from these services and use them to make secure API requests.
*Possibly something with Github if there's a solution, etc.