Keys of Google captcha

Hey guys, what’s up?

I have a doubt here: I have an application in which I’m using the captcha of Google’s service to prevent any brute force attack on the login page.
The thing is that I’m not sure if there is any problem with me leaving the sitekey and the secretkey in plain text in the code; I don’t know if it could cause any security breach.

Thanks for the help

Hi! According to Recaptcha -> intro, the siteKey is a public parameter that you use to call the captcha inside your application, but the secretKey is not.

For this reason you must encrypt your secretKey in your code or define it as an environment variable, as it is said in Google’s documentation: Recaptcha -> intro “The secret key needs to be kept safe for security purposes”.

So I recommend you save the keys, users, pass, aws and secrets in a container, and also please see: Recaptcha -> faq
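
As an added example (not part of the original thread and not Google's own code), this is one way to keep the secret key out of the source: the server reads it from an environment variable and uses it only in the server-side call to Google's `siteverify` endpoint, while the site key stays in the page markup. The variable name `RECAPTCHA_SECRET_KEY` and the function names are assumptions made for this sketch.

```python
import json
import os
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
SECRET_ENV = "RECAPTCHA_SECRET_KEY"  # assumed variable name, not from the thread


def load_secret(env=os.environ):
    """Read the secret key from the environment instead of hard-coding it."""
    secret = env.get(SECRET_ENV, "").strip()
    if not secret:
        # Refuse to run with a missing key rather than skipping the check.
        raise RuntimeError(f"{SECRET_ENV} is not set")
    return secret


def build_request(token, secret, remote_ip=None):
    """Build the server-side POST; the secret travels in the body, not the URL."""
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    body = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(VERIFY_URL, data=body, method="POST")


def verify_captcha(token, env=os.environ, opener=urllib.request.urlopen):
    """Return True only when the verification response says success."""
    if not token:
        return False  # no captcha response submitted with the login form
    req = build_request(token, load_secret(env))
    try:
        with opener(req, timeout=5) as resp:
            result = json.load(resp)
    except (OSError, ValueError):
        return False  # network or parse failure: fail closed
    return result.get("success") is True
```

The `opener` parameter exists so the function can be exercised without network access; in the login handler, call `verify_captcha(token)` with the token the browser widget posted.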