[GTALUG] Storing Securities in a Git Repo

Greg Martyn greg.martyn at gmail.com
Tue Oct 28 18:51:57 UTC 2014


If you're deploying to EC2, I'd recommend assigning an IAM role to your
servers. That way their credentials will be automatically rotated and
assigned during server provisioning. That completely obviates the burden of
storing the credentials.

It's pretty easy to set up. Create a role in IAM, assign it permissions,
then when launching a server, give it that same role. The docs[1] have an
example of how to use curl to query for the credentials.

By doing it this way, you can make sure that each server only has access
to what it needs. An example configuration might have one role for test
servers and one for live. That would make it impossible for the test
servers to accidentally make changes to the live S3 bucket, for example.

[1]:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Hope that helps.

-Greg

On Tue, Oct 28, 2014 at 12:39 PM, Myles Braithwaite <me at mylesbraithwaite.com> wrote:

> Does anyone have any experience storing securities (i.e. AWS access
> and security keys) in a Git repository?
>
> I did some Googling and found two solutions, git-crypt[1] and
> blackbox[2]. Anyone tried them before?
>
> [1]: https://github.com/AGWA/git-crypt
> [2]: https://github.com/StackExchange/blackbox
>
> --
> Myles Braithwaite | http://mylesb.ca/e
>
>
> ---
> GTALUG Talk Mailing List - talk at gtalug.org
> http://gtalug.org/mailman/listinfo/talk
>
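
Added example (not part of the original message or the AWS docs): a check for the test/live role split described above, which builds a policy scoped to one S3 bucket and flags any Allow statement in a role's policy that reaches beyond that bucket. The bucket names and the drifted sample policy are constructed for illustration.

```python
import json

def bucket_policy(bucket):
    """Build an IAM policy document that grants access to a single S3 bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"{arn}/*"},
        ],
    }

def as_list(value):
    """IAM accepts either a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def out_of_scope(policy, bucket):
    """Return the resources in Allow statements that reach beyond `bucket`."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotResource" in stmt:
            # Allow + NotResource grants everything except the listed ARNs.
            findings.append("NotResource")
            continue
        for res in as_list(stmt.get("Resource", [])):
            # Accept only the bucket itself or keys under it; a wildcard in
            # the bucket name (e.g. "example-app-*") is treated as too broad.
            if res != arn and not res.startswith(arn + "/"):
                findings.append(res)
    return findings

# Constructed sample: a test-server role policy that also reaches the live bucket.
DRIFTED_TEST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-app-test/*", "arn:aws:s3:::example-app-*"]},
  {"Effect": "Allow", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::example-app-live/*"}
]}
""")

if __name__ == "__main__":
    print(out_of_scope(bucket_policy("example-app-test"), "example-app-test"))
    print(out_of_scope(DRIFTED_TEST_POLICY, "example-app-test"))
```

The check is deliberately conservative: it only looks at resource scope, so Deny statements, conditions and non-S3 services are outside what it evaluates.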