Where to store credentials for devops?

0 votes
I have code (in git) together with configuration/deployment/build scripts (fabfile.py, circle.yml, Dockerfile etc) and it all works fine. But I have credentials of various kinds like ssh keys, code signing certificates, aws access keys, ssl certificates etc.

I’ve heard storing these essentials in git alongside the code is not appropriate. If not there then where do I store them?
Jul 23, 2018 in Git & GitHub by Hannah
• 15,620 points
96 views

1 answer to this question.

0 votes
You can use any of the various Secrets Management Tools.

You can store your secrets in code in your SCM IF they are encrypted. You still need to deliver a secret securely at deploy time (or have it available at startup) to be able to decrypt the secrets (password, credentials, secrets, certs) that have been deployed. That is where the Secrets Management Tool (such a Vault) comes in. The tool will allow you to securely retrieve your secret for use in decryption of the secrets when it's needed.

The other way is to actually store all secrets, certificates etc. outside of the SCM in the Secret Management Tool itself and retrieve them at deploy / startup time.

But obviously both these methods have their own pros and cons
answered Jul 23, 2018 by Kalgi
• 41,810 points

Related Questions In Git & GitHub

0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Version control as source to gitlab

The steps I'm going to tell you ...READ MORE

answered Apr 23, 2018 in Git & GitHub by ajs3033
• 7,280 points
242 views
0 votes
1 answer

Git in DevOps

DevOps is an approach to improve the ...READ MORE

answered Apr 27, 2018 in Git & GitHub by QueenBee
• 1,810 points
129 views
+13 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 26, 2018 in DevOps & Agile by DragonLord999
• 8,380 points
185 views
0 votes
1 answer
+1 vote
4 answers

GIT plugin in jenkins not able to connect to GIT repository

This looks like a git configuration issue, ...READ MORE

answered Oct 25, 2018 in Git & GitHub by Alia
1,905 views
0 votes
1 answer

gerrit-cherry-pick:fatal: 'origin' does not appear to be a git repository

The user account making that command does ...READ MORE

answered Aug 13, 2018 in Git & GitHub by Kalgi
• 41,810 points
245 views