
Does anyone have any experience storing securities (i.e. AWS access and security keys) in a Git repository?

I did some Googling and found two solutions, git-crypt[1] and blackbox[2]. Anyone tried them before?

[1]: https://github.com/AGWA/git-crypt
[2]: https://github.com/StackExchange/blackbox

-- Myles Braithwaite | http://mylesb.ca/e

That sounds like a bad practice. Why do this?
On Oct 28, 2014, at 12:39, Myles Braithwaite <me@mylesbraithwaite.com> wrote:
Does anyone have any experience storing securities (i.e. AWS access and security keys) in a Git repository?
I did some Googling and found two solutions, git-crypt[1] and blackbox[2]. Anyone tried them before?
[1]: https://github.com/AGWA/git-crypt [2]: https://github.com/StackExchange/blackbox
-- Myles Braithwaite | http://mylesb.ca/e
--- GTALUG Talk Mailing List - talk@gtalug.org http://gtalug.org/mailman/listinfo/talk

If you're deploying to EC2, I'd recommend assigning an IAM role to your servers. That way their credentials will be automatically rotated and assigned during server provisioning. That completely obviates the burden of storing the credentials.

It's pretty easy to set up. Create a role in IAM, assign it permissions, then when launching a server, give it that same role. The docs[1] have an example of how to use curl to query for the credentials.

By doing it this way, you can make sure that each server only has access to what it needs. An example configuration might have one role for test servers and one for live. That would make it impossible for the test servers to accidentally make changes to the live S3 bucket, for example.

[1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2...

Hope that helps.
-Greg

On Tue, Oct 28, 2014 at 12:39 PM, Myles Braithwaite <me@mylesbraithwaite.com> wrote:
Does anyone have any experience storing securities (i.e. AWS access and security keys) in a Git repository?
I did some Googling and found two solutions, git-crypt[1] and blackbox[2]. Anyone tried them before?
[1]: https://github.com/AGWA/git-crypt [2]: https://github.com/StackExchange/blackbox
-- Myles Braithwaite | http://mylesb.ca/e
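The credential lookup described in the IAM role reply above, as an added example that is not part of the original thread: it parses the JSON document the instance metadata endpoint returns for a role and refetches shortly before the temporary credentials expire, so nothing has to be stored in the repository. The role name, the sample document and the `RoleCredentials` helper are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.request import urlopen

# Metadata path for role credentials; reachable only from inside an EC2 instance.
# Instances that enforce IMDSv2 also require a session token header (not shown).
METADATA_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

# Constructed sample of the document the endpoint returns; all values are fake.
SAMPLE_RESPONSE = json.dumps({
    "Code": "Success",
    "LastUpdated": "2014-10-28T16:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-not-a-real-key",
    "Token": "constructed-session-token",
    "Expiration": "2014-10-28T22:00:00Z",
})

def fetch_from_metadata(role_name, timeout=2):
    """Plain GET against the metadata service, like the curl call in the docs."""
    with urlopen(METADATA_URL + role_name, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def parse_credentials(document):
    """Validate the metadata document and return the temporary credentials."""
    data = json.loads(document)
    if data.get("Code") != "Success":
        raise ValueError("metadata service returned %r" % data.get("Code"))
    expiry = datetime.strptime(data["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "access_key": data["AccessKeyId"],
        "secret_key": data["SecretAccessKey"],
        "token": data["Token"],
        "expires": expiry.replace(tzinfo=timezone.utc),
    }

class RoleCredentials:
    """Caches role credentials and refetches them shortly before they expire."""
    def __init__(self, role_name, fetch=fetch_from_metadata, margin=timedelta(minutes=5)):
        self.role_name, self.fetch, self.margin = role_name, fetch, margin
        self.current, self.fetches = None, 0

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self.current is None or now >= self.current["expires"] - self.margin:
            self.current = parse_credentials(self.fetch(self.role_name))
            self.fetches += 1
        return self.current
```

On an instance launched with a role, `RoleCredentials("test-server-role").get()` would use the real endpoint; off-instance, pass a `fetch` function that returns `SAMPLE_RESPONSE`.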
participants (3)
- Greg Martyn
- Myles Braithwaite
- Sammy Lao