praveenkg asked smadhavan answered

What is the best approach to keep Astra DB secure bundle out of code base?

Hi,

We are using Astra DB and are currently maintaining the Astra DB secure bundle in the git repo along with the code base, in the resource folder. As I understand it, this is not a secure approach, as the secure zip contains a certificate and other secure information. I wanted to understand the best approach to handle this scenario.

Erick Ramirez answered

Our recommendation is to store the secure bundle in a secure location such that only the application has the credentials to retrieve it.

For example, if your application is deployed on AWS then store the secure bundle on a private S3 bucket where only the application service account is able to access it. You would use the corresponding object storage if your app is deployed on GCP or Azure. Cheers!

abratnap answered

Another way is to encrypt the Base64-encoded bundle value and store it in Git. You have to decrypt it and then read the encoded zip into a temp file to use it. This reduces any dependency on S3 or another external store.

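The last step of the approach in the answer above (getting the decoded zip into a temp file), as an added example that is not part of the thread: it takes the Base64 text after decryption, checks that it decodes to an intact zip, and writes it to an owner-only temp file that is removed on exit. Decryption is assumed to be done by your own secrets tooling and is not shown; the function names and the sample bundle are constructed for illustration.

```python
import base64
import binascii
import contextlib
import io
import os
import tempfile
import zipfile


@contextlib.contextmanager
def bundle_tempfile(decrypted_b64: str):
    """Yield the path of a private temp file holding the decoded bundle.

    `decrypted_b64` is the Base64 text after decryption; decryption itself is
    assumed to happen in your secrets tooling and is not shown here.
    """
    compact = "".join(decrypted_b64.split())  # tolerate wrapped Base64 lines
    try:
        raw = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("bundle is not valid Base64") from exc
    # Reject anything that is not an intact zip before a driver sees it.
    try:
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            corrupt = zf.testzip()
    except zipfile.BadZipFile as exc:
        raise ValueError("decoded bundle is not a zip archive") from exc
    if corrupt is not None:
        raise ValueError(f"corrupt member in bundle: {corrupt}")
    # mkstemp creates the file readable and writable by the owner only (0600).
    fd, path = tempfile.mkstemp(prefix="scb-", suffix=".zip")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(raw)
        yield path
    finally:
        # Remove the plaintext bundle even if the caller raised.
        with contextlib.suppress(FileNotFoundError):
            os.remove(path)


def make_constructed_bundle_b64() -> str:
    """Constructed sample: a tiny zip with dummy members, Base64-encoded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", '{"constructed": true}')
        zf.writestr("ca.crt", "dummy certificate text")
    return base64.encodebytes(buf.getvalue()).decode("ascii")
```

Open the database session inside the `with bundle_tempfile(...)` block, since the plaintext zip exists on disk only for the lifetime of that block.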

smadhavan answered

Another option, I guess, is to leverage the Astra SDK [in Java], which would automatically download the Secure Connect Bundle (SCB), per region, and work with it.

Also, @praveenkg, with only the SCB, one cannot do anything without knowing the credentials (ClientID & ClientSecret) to get access to the Astra database/cluster.
