What is the best practice to store sensitive information such as Amazon SES keys and so on?

I am building Mojito based app that sends emails using amazon ses. I was wondering where should I be storing the secret keys uses to call the API?

3 Replies
  • Any sensitive information at the app level (application.json) can be protected by using:

    { "settings": ["runtime:server"], "secret": "xxxx" }

    that group will never be sent to the client side.

    In the other hand, if you want to keep a secret at the mojit level, your best choice it to add it to definition.json for a mojito with controller marked as "server" affinity. You might also use "runtime:server" on definition.json if you have a client side affinity in the controller. I don't think we have tests for this use-case, test it, and let us know.

  • But how do we access this inside models and Test suites ?

    I guess the only way to access these parameters is through the ActionContext object.

  • More details about this in this reply:


    Aside from that, Test suites are just tests in isolation, they don't need, and they should not require, real data and real external structures, instead you can mock them accordingly within your tests.


Recent Posts

in Yahoo! Mojito