Where to store credentials for devops

0 votes
I have code (in git) together with configuration/deployment/build scripts (fabfile.py, circle.yml, Dockerfile etc) and it all works fine. But I have credentials of various kinds like ssh keys, code signing certificates, aws access keys, ssl certificates etc.

I’ve heard storing these essentials in git alongside the code is not appropriate. If not there then where do I store them?
Jul 23, 2018 in Git & GitHub by Hannah
• 18,550 points
360 views

1 answer to this question.

0 votes
You can use any of the various Secrets Management Tools.

You can store your secrets in code in your SCM IF they are encrypted. You still need to deliver a secret securely at deploy time (or have it available at startup) to be able to decrypt the secrets (password, credentials, secrets, certs) that have been deployed. That is where the Secrets Management Tool (such a Vault) comes in. The tool will allow you to securely retrieve your secret for use in decryption of the secrets when it's needed.

The other way is to actually store all secrets, certificates etc. outside of the SCM in the Secret Management Tool itself and retrieve them at deploy / startup time.

But obviously both these methods have their own pros and cons
answered Jul 23, 2018 by Kalgi
• 52,310 points

Related Questions In Git & GitHub

0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Error : unable to write symref for HEAD: Function not implemented

This is usually caused by a permission ...READ MORE

answered Oct 30, 2020 in Git & GitHub by Kim
399 views
0 votes
1 answer

How to change the URL for a remote Git repository?

Hi@akhtar, You can use the git remote command ...READ MORE

answered Nov 21, 2020 in Git & GitHub by MD
• 95,060 points
59 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 26, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
955 views
+2 votes
1 answer
+1 vote
4 answers

GIT plugin in jenkins not able to connect to GIT repository

This looks like a git configuration issue, ...READ MORE

answered Oct 25, 2018 in Git & GitHub by Alia
6,993 views
0 votes
1 answer

gerrit-cherry-pick:fatal: 'origin' does not appear to be a git repository

The user account making that command does ...READ MORE

answered Aug 13, 2018 in Git & GitHub by Kalgi
• 52,310 points
614 views