Comment by austin-cheney 10 hours ago

The easy but less secure solution:

Store all secrets in one file WITHIN your local repo and add that one secrets file to something like a .gitignore file. Then validate the file is excluded using git status.

The more secure solution is to store all secrets within a secrets vault and access that vault from application logic on application restart, provided the application is a service that rarely restarts.
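A worked check for the .gitignore approach described above, added here as an example and not code from either commenter. It covers the case an ignore rule alone misses: a file that was committed before the rule was added stays tracked, so it must also be removed from the index (and the secret rotated, since it is already in history). The file name `.secrets` and the demo repo are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Verifies that a secrets file is both
# matched by an ignore rule AND not already tracked: .gitignore never untracks a
# file that was committed before the rule existed, so "add it to .gitignore"
# on its own is not enough. Assumed file name: .secrets (hypothetical).

# check_secrets_excluded PATH  -> 0 if PATH is ignored and untracked, else 1
check_secrets_excluded() {
    path="${1:-.secrets}"
    if git ls-files --error-unmatch -- "$path" >/dev/null 2>&1; then
        echo "FAIL: $path is tracked; run 'git rm --cached $path' and rotate it" >&2
        return 1
    fi
    if ! git check-ignore -q -- "$path"; then
        echo "FAIL: $path matches no ignore rule" >&2
        return 1
    fi
    # Same thing "git status" would tell you: nothing listed for this path.
    if [ -n "$(git status --porcelain -- "$path")" ]; then
        echo "FAIL: $path still shows up in git status" >&2
        return 1
    fi
    echo "OK: $path is ignored and untracked"
}

# demo_in_temp_repo -> 0 only if the check fails while the secrets file is
# tracked and passes once it is untracked. Uses a throwaway repo under mktemp.
demo_in_temp_repo() {
    command -v git >/dev/null 2>&1 || { echo "git not installed" >&2; return 2; }
    tmp="$(mktemp -d)" || return 1
    # The common mistake reproduced: the ignore rule is added only after the
    # secrets file has already been committed.
    if (
        cd "$tmp" && git init -q && git config user.email demo@example.invalid &&
        git config user.name demo &&
        echo 'API_KEY=constructed-placeholder' > .secrets &&
        git add .secrets && git commit -qm 'oops: secrets committed' &&
        echo '.secrets' > .gitignore &&
        ! check_secrets_excluded .secrets &&
        git rm -q --cached .secrets && git commit -qm 'stop tracking .secrets' &&
        check_secrets_excluded .secrets
    ); then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}
```

Run `check_secrets_excluded .secrets` from a pre-commit hook or CI step; `demo_in_temp_repo` only exists to show the before-and-after behaviour.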

scarface_74 6 hours ago

No, that’s not more secure. You never need to read your secrets for AWS into your code. Your secrets never need to be anywhere near your repository, in a vault, nothing.

The SDK will pick them up from your local computer’s home directory or from the AWS environment when running on AWS.