Usage Guidelines

Warning and guidelines

Please carefully follow these guidelines to ensure secure and efficient use of Iris.

Security Environment

Storing secret environment variables securely is essential for maintaining the security and integrity of your application. Below are the recommended best practices.

  1. Use Environment Variables

    - Local Development: Store secrets in a `.env` file and ensure it is not checked into version control by adding it to `.gitignore`.
    - Production: Set environment variables directly on the server or use a secrets management service.

  2. Environment Files (.env)

    1. Using Azure Vault: the best solution is to store the key in Azure Vault and then retrieve it through authentication with SSO.

    2. Another, less secure solution is to store the variable in environment files:

      1. Create a `.env` File: Store secrets in a `.env` file.

            API_KEY=your_api_key_here
            DATABASE_URL=your_database_url_here

      2. Add `.env` to `.gitignore`:

            # .gitignore
            .env

  3. Use a Secrets Management Service and Configuration Management Tools

    - AWS Secrets Manager
    - Azure Key Vault
    - Google Cloud Secret Manager

    - Docker Secrets: Manage sensitive data in Docker Swarm.
    - Kubernetes Secrets: Manage sensitive information in a Kubernetes cluster.

  4. Environment Variable Injection

    - CI/CD Pipelines: Inject secrets as environment variables during the build or deployment process.
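
The lookup order described above, as an added example that is not part of Iris or its documentation: an injected environment variable takes priority, and the `.env` file is used only as a fallback that is refused when `.gitignore` does not list it. The function names are hypothetical, the sample values are constructed, and the `.gitignore` check matches only the literal `.env` entry rather than full gitignore pattern rules.

```python
import os
import tempfile
from pathlib import Path

# Added example: all function names here are hypothetical, not an Iris API.
def parse_env_file(path):
    """Parse KEY=value lines; skip blank lines and # comments."""
    values = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"').strip("'")
    return values

def is_git_ignored(project_dir, env_name=".env"):
    """True if .gitignore lists the env file by exact name (simplified check)."""
    gitignore = Path(project_dir) / ".gitignore"
    if not gitignore.is_file():
        return False
    entries = {line.strip() for line in gitignore.read_text().splitlines()}
    return env_name in entries or "/" + env_name in entries

def load_secret(name, project_dir=".", environ=None):
    """Injected environment variable first; .env only as a guarded fallback."""
    environ = os.environ if environ is None else environ
    if environ.get(name):
        return environ[name]
    env_file = Path(project_dir) / ".env"
    if not env_file.is_file():
        raise KeyError(f"{name} is not set and no .env file exists")
    if not is_git_ignored(project_dir):
        raise PermissionError(".env is not listed in .gitignore; refusing to use it")
    values = parse_env_file(env_file)
    if not values.get(name):
        raise KeyError(f"{name} is missing from .env")
    return values[name]

def demo():
    """Constructed sample project: returns (value from .env, value from environment)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".env").write_text("API_KEY=constructed-sample-key\n")
        Path(d, ".gitignore").write_text("# .gitignore\n.env\n")
        from_file = load_secret("API_KEY", d, environ={})
        from_env = load_secret("API_KEY", d, environ={"API_KEY": "injected-by-ci"})
        return from_file, from_env
```
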

API Load Management

Call Interval: We suggest implementing a delay of 1 second between API calls during testing to avoid rapid, successive requests that may overwhelm the server.
