Where to store credentials for devops

0 votes
I have code (in git) together with configuration/deployment/build scripts (fabfile.py, circle.yml, Dockerfile etc) and it all works fine. But I have credentials of various kinds like ssh keys, code signing certificates, aws access keys, ssl certificates etc.

I’ve heard storing these essentials in git alongside the code is not appropriate. If not there then where do I store them?
Jul 23, 2018 in Git & GitHub by Hannah
 • 18,520 points 1,252 views

1 answer to this question.

0 votes

You can use any of the various Secrets Management Tools.

You can store your secrets in code in your SCM IF they are encrypted. You still need to deliver a secret securely at deploy time (or have it available at startup) to be able to decrypt the secrets (password, credentials, secrets, certs) that have been deployed. That is where the Secrets Management Tool (such a Vault) comes in. The tool will allow you to securely retrieve your secret for use in decryption of the secrets when it's needed.

The other way is to actually store all secrets, certificates etc. outside of the SCM in the Secret Management Tool itself and retrieve them at deploy / startup time.

But obviously both these methods have their own pros and cons.

Ready to Build the Future of IT? Start with Our DevOps Engineer Course!

answered Jul 23, 2018 by Kalgi
 • 52,350 points

Related Questions In Git & GitHub

0 votes
1 answer

How to allow the client to switch git branches on a website? (*without technical knowledge, for QA)

I think ,except the two options you ...READ MORE

answered Jun 17, 2018 in Git & GitHub by shubham
 • 7,340 points 1,174 views
0 votes
1 answer

Not able to push the file to the remote repository from the local repository.PFA for the same

Please let me know if you have set ...READ MORE

answered Dec 17, 2018 in Git & GitHub by Arohi
 1,027 views
0 votes
1 answer

Error : unable to write symref for HEAD: Function not implemented

This is usually caused by a permission ...READ MORE

answered Oct 30, 2020 in Git & GitHub by Kim
 7,851 views
0 votes
1 answer

How to change the URL for a remote Git repository?

Hi@akhtar, You can use the git remote command ...READ MORE

answered Nov 21, 2020 in Git & GitHub by MD
 • 95,460 points 1,093 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,350 points 7,931 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
 • 8,450 points 4,034 views
+4 votes
1 answer

How do I go from development docker-compose.yml to deployed docker-compose.yml in AWS

It can work if you try to put ...READ MORE

answered Jun 7, 2018 in AWS by Cloud gunner
 • 4,670 points 5,335 views
+2 votes
1 answer

How to store data in Hyperledger Fabric after restart?

When you use docker-compose down, all the ...READ MORE

answered Jul 27, 2018 in Blockchain by digger
 • 26,740 points 3,094 views
+1 vote
4 answers

GIT plugin in jenkins not able to connect to GIT repository

This looks like a git configuration issue, ...READ MORE

answered Oct 25, 2018 in Git & GitHub by Alia
 19,829 views
0 votes
1 answer

gerrit-cherry-pick:fatal: 'origin' does not appear to be a git repository

The user account making that command does ...READ MORE

answered Aug 13, 2018 in Git & GitHub by Kalgi
 • 52,350 points 1,943 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.