Ran into this at work too. They just nixed the free group tier. I hope there are open-source alternatives we can pay for.
Our team uses Bruno. We have nothing to complain about. And each request being a simple text file you can check into git is also really great.
How do you handle secrets? Env vars as described in the docs don’t seem like a solution for a team and we don’t have a vault provider. I was hoping it would have support for encrypting the files with a password or something. What’s your solution?
We only have 1 secret we need to manage. The API we develop is secured via token-based OIDC. While Bruno does support OIDC, they don’t yet support token-based OIDC. So we have a pre-request script that does the auth flow and stores the resulting JWT in a runtime variable.
This way we only need to define a long-lived service account JSON defining all we need for the auth flow. The /token endpoint is not a secret and we can commit it.
So this SA is created manually for every developer for each of our 3 stages.
If you lack Vault, occasionally dropping the .env file contents into a shared (appropriately secured) BitWarden or KeePass vault will get the job done.
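A sketch of the pre-request approach described in the reply above, added here as an example and not the poster's actual script: it signs a short-lived assertion with the service-account key, exchanges it at the /token endpoint, and caches the JWT in a runtime variable. It assumes an RFC 7523 JWT-bearer grant, hypothetical service-account field names (`clientId`, `keyId`, `privateKey`), and a script sandbox that permits Node's `crypto` module; `bru.getVar`/`bru.setVar` are Bruno's runtime-variable calls, and the key pair, `bru` object and token call in `makeDemo` are constructed stand-ins.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Sign a short-lived RS256 assertion with the service-account key (RFC 7523 style).
// Field names clientId / keyId / privateKey are hypothetical; match your provider's JSON.
function buildAssertion(sa, tokenUrl, nowSec) {
  const header = { alg: 'RS256', typ: 'JWT', kid: sa.keyId };
  const claims = { iss: sa.clientId, sub: sa.clientId, aud: tokenUrl,
                   iat: nowSec, exp: nowSec + 60 };
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), sa.privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Pre-request logic: reuse the cached token until 30 s before expiry, else run the flow.
// `post(url, formBody)` is injected so the HTTP exchange can be swapped out offline.
async function ensureToken(bru, sa, tokenUrl, post, nowSec = Math.floor(Date.now() / 1000)) {
  const cached = bru.getVar('access_token');
  if (cached && Number(bru.getVar('access_token_exp')) - 30 > nowSec) return cached;
  const form = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: buildAssertion(sa, tokenUrl, nowSec),
  }).toString();
  const res = await post(tokenUrl, form);
  bru.setVar('access_token', res.access_token); // runtime variable, as in the reply
  bru.setVar('access_token_exp', nowSec + res.expires_in);
  return res.access_token;
}

// Constructed demo data: throwaway key pair, in-memory `bru`, fake /token response.
// In a real collection the service-account JSON would come from an uncommitted
// source such as bru.getProcessEnv('SA_JSON') (variable name is an assumption).
function makeDemo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sa = { clientId: 'sa-dev-alice', keyId: 'k1', privateKey };
  const vars = new Map();
  const bru = { getVar: (k) => vars.get(k), setVar: (k, v) => vars.set(k, v) };
  let calls = 0;
  const post = async () => ({ access_token: `tok-${++calls}`, expires_in: 300 });
  return { sa, publicKey, bru, post, calls: () => calls };
}
```

Only the service-account JSON is a secret in this arrangement; the token URL and the script itself can live in git alongside the requests.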