Short Developer Story
Avoid Risking by Derisking Security
When improving security, the steps need to be secured.
Have you ever set out to close a security loophole, only to inadvertently create a new one? Here’s an illustrative incident.
The Challenge to Address
With mobile development becoming increasingly prevalent in the software world, the imperative to bolster its security grows more pressing. One day, it came to our attention that some client API keys for our Android development were easily exposed in a Git repository.
The Solution
To enhance security, we explored encrypting these keys and restricting access to only those developers who truly needed them. To implement this, we collaborated with the developer support team, leveraging their expertise in tools beyond the scope of mobile developers.
We opted for the widely used AWS encryption feature, namely the Key Management System (KMS). This seemed promising, allowing us to decrypt the keys via a command-line interface for the Android development team’s use. However, a new risk emerged.