How do you store secret site credentials?

Question

The default option seems to be just put your secrets in the cloud somewhere. Other options seem to involve using a vault like 1Password (clunky), or gpg & file encryption (messy). It seems that Hashicorp's Vault should do this, but I can't quite figure how.Is there a good way to have credentials somehow checked in with your code?

tekronis · Accepted Answer

If you're using AWS, you can use Secrets Manager: https://aws.amazon.com/secrets-manager/

mattbillenstein · Answer

We encrypt them with a secret not in the repo itself - part of our deploy decrypts them as-needed.edit: scripted in python via pynacl...