I am tying to connect to a secure api that requires a client ssl certificate and a key. The remote api gave me both of them and I'm able to connect to this api with postman without any issues.
Now, I have a node.js server hosted on Heroku and I need to send the client certificate and key with each request.
My question is how do I host this client certificate and key safely? In some kind of a folder (doesn't sound safe)? do I need heroku to host them for me for security reasons?
For the sake of the question I already host them in a regular folder and can perform my requests easily.
I'm new to SSl but do implementing this suggested solution is what I need? https://devcenter.heroku.com/articles/ssl#manually-upload-certificates.
This Heroku docs talk about making the server a secure endpoint for users so it isn't relevant for me as my understanding goes- https://devcenter.heroku.com/articles/ssl-endpoint#ssl-file-types.
I got my answer by getting help from the Heroku support and by understanding better how to work with client certificate.
Eventually I have used environment variables to store the key and the certificate as a string.
Heroku support environment variables through their CLI and server setting.
Most answers online talking about receiving the certificate, my issue was where to store them to be sent to a remote secure API.
I hope somebody, will be able to use this answer.