<div align="center" >🤝 Show your support - give a ⭐️ if you liked the content | <a target="_blank" href='https://twitter.com/intent/tweet?url=https%3A%2F%2Fgithub.com%2FPuliczek%2Fawesome-list-of-secrets-in-environment-variables&via=pulik_io&text=Awesome%20list%20of%20secrets%20in%20environment%20variables'>SHARE on Twitter</a> | Follow me on <a target="_blank" href='https://twitter.com/pulik_io'><img src='https://img.shields.io/badge/Twitter-%231DA1F2.svg?&style=flat&logo=twitter&logoColor=white'/></a> <a target="_blank" href='https://www.youtube.com/channel/UCaAdOBH2hnqLvEri1M7eg5Q'><img src='https://img.shields.io/badge/YouTube-%23FF0000.svg?&style=flat&logo=youtube&logoColor=white'/></a> </div>

Awesome list of secrets in environment variables

📝 Description

A list of secrets, passwords, API keys, and tokens stored in system environment variables.

An environment variable is a variable whose value is set outside the program, typically through functionality built into the operating system or microservice.

Much developer documentation recommends storing secrets in environment variables, but is it the best way to keep secrets?

An attacker can read the values of system environment variables by using exploits:

Because of that, I created a list of secrets in environment variables to help secure software.

Some practices to avoid leaking secrets stored in environment variables are to:

Environment variables

You can check your system environment variables:

Awesome list of secrets in environment variables

A

AWS

source: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-aws_secret_access_key.html

Algolia

source: https://www.algolia.com/doc/framework-integration/symfony/getting-started/installation/?client=php

Azure

source: https://docs.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet

source: https://techcommunity.microsoft.com/t5/azure-developer-community-blog/understanding-azure-msi-managed-service-identity-tokens-caching/ba-p/337406

B

Binance

source: https://algotrading101.com/learn/binance-python-api-guide/

Bittrex

source: https://github.com/TeamWertarbyte/crypto-trading-bot/blob/development/README.md

C

Cloud Foundry

source: https://cli.cloudfoundry.org/en-US/v6/auth.html

Code Climate

source: https://docs.codeclimate.com/docs/command-line-interface

Coveralls

source: https://docs.coveralls.io/supported-ci-services

CircleCI

source: https://circleci.com/docs/2.0/api-developers-guide/

D

DigitalOcean

source: https://github.com/digitalocean/doctl#authenticating-with-digitalocean

Dockerhub

source: https://github.com/marketplace/actions/publish-docker

Dockerhub

source: https://circleci.com/docs/2.0/env-vars/

E

F

Fastlane products

source: https://github.com/phatblat/fastlane-variables

Facebook

Firebase

source: https://firebase.google.com/docs/cli

Fossa

source: https://docs.fossa.com/docs/api-reference

G

GitHub

source: https://cli.github.com/manual/gh_help_environment

GitLab

source: https://docs.gitlab.com/ee/user/project/deploy_tokens/

Google Cloud

source: https://cloud.google.com/docs/authentication/getting-started#windows

GitLab

source: https://docs.gitlab.com/ee/ci/variables/predefined_variables.html

H

Heroku

source: https://devcenter.heroku.com/articles/authentication

I

J

K

L

M

Mailgun

source: https://www.pulumi.com/registry/packages/mailgun/installation-configuration/

MongoDB

source: https://docs.mongodb.com/mongocli/stable/configure/environment-variables/

N

NGROK

source: -

NPM

source: https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflow

O

OKTA

source: https://developer.okta.com/okta-sdk-java/apidocs/com/okta/sdk/client/ClientBuilder.html

Oracle OpenStack command-line client

source: https://docs.openstack.org/ocata/user-guide/common/cli-set-environment-variables-using-openstack-rc.html

source: https://docs.oracle.com/cd/E78305_01/E78304/html/openstack-envars.html

P

Percy.io

source: https://docs.percy.io/docs/environment-variables

PostgreSQL

source: https://www.postgresql.org/docs/current/libpq-envars.html

Q

R

S

Sauce Labs

source: https://docs.saucelabs.com/basics/environment-variables/

Sentry

source: https://docs.sentry.io/product/cli/configuration/

Slack

source: https://slack.dev/node-slack-sdk/getting-started

Square

source: https://www.npmjs.com/package/square/v/12.0.0?activeTab=readme

Stripe

source: https://stripe.com/docs/cli/api_keys

Surge

source: https://surge.sh/help/integrating-with-circleci

T

Twilio

source: https://www.twilio.com/blog/2017/01/how-to-set-environment-variables.html

Twitter

source: https://developer.twitter.com/en/docs/authentication/guides/authentication-best-practices

Travis CI

source: https://docs.travis-ci.com/user/environment-variables

Telegram

U

V

Vault HashiCorp

source: https://www.vaultproject.io/docs/commands

Vultr

source: https://www.vultr.com/docs/deploying-javascript-unikernels-to-vultr-with-ops

W

X

Y

Z

Get a RAW list:

The repository includes the raw list:

raw_list.txt

It is auto-generated from README.md by a GitHub Action.

😎 Contributing

👍🎉 First off, thanks for taking the time to contribute! 🎉👍

If you would like to add more secrets, please read and follow our Contributing guide.

Thanks! 🦄

💻 Useful links

✔️ Disclaimer

This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.