how to store secrets outside of .dotfiles?

Question

how to store secrets outside of .dotfiles?

jesperronn opened this issue 9 years ago · 3 comments

Maybe I am missing the obvious. but where do I store secret keys for AWS, Heroku, etc and still have them loaded via dotfiles?

What would be my prefered way of doing that?

Answer 1 · 2015-09-29T03:56:30.000Z

Hey there,
The simplest solution would be to leave theses secret-containing files on a different medium you can trust - maybe a simple USB Key would be enough for you. However, if you want to store theses files publicly and still be able to hide your secret, i suggest looking into theses:

use git-crypt to cipher and decipher your files as you commit / checkout
Use ansible & ansible-vault to deploy your dotfiles.

The Ansible way is, by far, my favorite solution so far. It's an amazing tool you will probably find useful one way or another, and is, in my opinion, worth looking into.
If you need a more custom/complex solution, you can maybe build a custom system on top of other kind of products... maybe hashicorp vault?

Answer 2 · 2016-06-30T18:40:57.000Z

I've been using LastPass for that since they now have a CLI tool.

export SAAS_SECRET=`lpass show sass_seceret --password`

Answer 3 · 2016-09-09T22:14:44.000Z

Used @gMagicScott suggestion and it worked perfectly as I required tokens in some commands.

Example:

curl -F file=@'foo.txt' -F uuid=$(lpass show --notes uuid_token) http://myhost.com