My team and I are looking for a way to store and encrypt OAuth access tokens after fetching them from the sellers. While reading through the OAuth documents, we weren’t exactly sure about the following warning.
“Never store your credentials or access tokens in your version control system.”
What does “version control system” mean here? Does it literally refer to VCS like GitHub? One of our plans to handle the tokens was to encrypt and store them in our backend system and not push it to our repository - would this plan work, or should we move on to a different one?
Also, I was curious how other application developers encrypted their tokens. Would there be any tips or recommendations for it?
Thank you, and have a great day!