Where to store credentials for devops

0 votes
I have code (in git) together with configuration/deployment/build scripts (fabfile.py, circle.yml, Dockerfile etc) and it all works fine. But I have credentials of various kinds like ssh keys, code signing certificates, aws access keys, ssl certificates etc.

I’ve heard storing these essentials in git alongside the code is not appropriate. If not there then where do I store them?
Jul 23, 2018 in Git & GitHub by Hannah
• 18,570 points

1 answer to this question.

0 votes

You can use any of the various Secrets Management Tools.

You can store your secrets in code in your SCM IF they are encrypted. You still need to deliver a secret securely at deploy time (or have it available at startup) to be able to decrypt the secrets (password, credentials, secrets, certs) that have been deployed. That is where the Secrets Management Tool (such a Vault) comes in. The tool will allow you to securely retrieve your secret for use in decryption of the secrets when it's needed.

The other way is to actually store all secrets, certificates etc. outside of the SCM in the Secret Management Tool itself and retrieve them at deploy / startup time.

But obviously both these methods have their own pros and cons.

Ready to Build the Future of IT? Start with Our DevOps Engineer Course!

answered Jul 23, 2018 by Kalgi
• 52,360 points

Related Questions In Git & GitHub

0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Error : unable to write symref for HEAD: Function not implemented

This is usually caused by a permission ...READ MORE

answered Oct 30, 2020 in Git & GitHub by Kim
0 votes
1 answer

How to change the URL for a remote Git repository?

Hi@akhtar, You can use the git remote command ...READ MORE

answered Nov 21, 2020 in Git & GitHub by MD
• 95,440 points
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
+2 votes
1 answer
+1 vote
4 answers

GIT plugin in jenkins not able to connect to GIT repository

This looks like a git configuration issue, ...READ MORE

answered Oct 25, 2018 in Git & GitHub by Alia
0 votes
1 answer

gerrit-cherry-pick:fatal: 'origin' does not appear to be a git repository

The user account making that command does ...READ MORE

answered Aug 13, 2018 in Git & GitHub by Kalgi
• 52,360 points
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP