Is it secure to use secrets?

I’m new to programming and I have a really dumb question. When I create a secret I hide personal info from other users. Doesn’t filling in the “secret” form - where you type the personal info and the token name - reveal your personal information to the people who have access to the website’s data? Admins, moderators, etc.

2 Likes

I’m pretty sure if you have a password secure enough, nobody would get into it, not even mods or admins. Why would mods or admins even have permission to access your personal data if they don’t even need it?

4 Likes

I’m pretty sure admins can see your secrets. Other than that, nobody else can.

3 Likes

We moderators cannot view secrets unless we are able to edit the repl like others. As for admins, I don’t think they are able to either.

3 Likes

How is that secure then? I wanted to create a Discord bot that could periodically report my credit card’s balance to my Discord server’s channel. Which means I have to share my credit card information with the project employees. I tried to find related info about that. Found nothing. The data I type into the secret form must be saved somewhere. Doesn’t somebody from the project have access to that saved information? Is it even possible? The person(s) who own(s) the data must have access to it.

1 Like

Unless there are some internet protocols that encrypt everything I type. I couldn’t find anything that explains things like this one.

1 Like

It is stored on Replit’s servers but it is encrypted and secure. And I’m sure people don’t look at this.

4 Likes

Host it on an alt with zero community interaction if you want to try and hide it…

3 Likes

I guess you have to trust someone with your personal data at some point. I also can use a really weak/cheap PC as a server to run my pet project on. Thanks for the responses.

2 Likes

In the EU area where I live, banks have APIs that only give limited access to banking data for third-party apps, so you can make an app that connects to banking data through the bank’s own systems and only has access to the balance but nothing else. So even if secret API keys leak, they can only be used to check the balance if no other rights are activated.

It is actually required by law that banks have to provide an API layer for third-party apps to access banking data, but outside the EU it might be different.

But I’m not really an expert on how it actually works and what you need to do to gain access to a bank’s API. I’m pretty sure there are some checks on who can access it and who doesn’t.

1 Like