Where to store credentials for devops?

0 votes
I have code (in git) together with configuration/deployment/build scripts (fabfile.py, circle.yml, Dockerfile etc) and it all works fine. But I have credentials of various kinds like ssh keys, code signing certificates, aws access keys, ssl certificates etc.

I’ve heard storing these essentials in git alongside the code is not appropriate. If not there then where do I store them?
Jul 23, 2018 in Git & GitHub by Hannah
• 14,080 points
46 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes
You can use any of the various Secrets Management Tools.

You can store your secrets in code in your SCM IF they are encrypted. You still need to deliver a secret securely at deploy time (or have it available at startup) to be able to decrypt the secrets (password, credentials, secrets, certs) that have been deployed. That is where the Secrets Management Tool (such a Vault) comes in. The tool will allow you to securely retrieve your secret for use in decryption of the secrets when it's needed.

The other way is to actually store all secrets, certificates etc. outside of the SCM in the Secret Management Tool itself and retrieve them at deploy / startup time.

But obviously both these methods have their own pros and cons
answered Jul 23, 2018 by Kalgi
• 35,750 points

Related Questions In Git & GitHub

0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Version control as source to gitlab

The steps I'm going to tell you ...READ MORE

answered Apr 23, 2018 in Git & GitHub by ajs3033
• 7,000 points
134 views
0 votes
1 answer

Git in DevOps

DevOps is an approach to improve the ...READ MORE

answered Apr 27, 2018 in Git & GitHub by QueenBee
• 1,810 points
59 views
+13 votes
2 answers
0 votes
1 answer
+1 vote
4 answers

GIT plugin in jenkins not able to connect to GIT repository

This looks like a git configuration issue, ...READ MORE

answered Oct 25, 2018 in Git & GitHub by Alia
769 views
0 votes
1 answer

gerrit-cherry-pick:fatal: 'origin' does not appear to be a git repository

The user account making that command does ...READ MORE

answered Aug 13, 2018 in Git & GitHub by Kalgi
• 35,750 points
111 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.