#clojuredesign-podcast
2023-12-23
leifericf 12:12:25

Hi, guys! I've heard you mention keeping dev secrets in a dev.edn file a few times. That works well, and I still do that sometimes. But are you aware of https://github.com/magnars/confair by @magnars? It lets you check in encrypted secrets and configs into your Git repo. Very useful and “standard” in the (small) Norwegian subcommunity! I thought you might like it. Cheers and Merry Christmas!

neumann 20:12:17

@U01PE7630AC @U0JEFEZH6 Thanks for the suggestions! I’ll have to check those out. As for encrypting within a git repo, I’ve used a separate repo for that. Something totally separate from my source repo. I also like the idea of having a command line interface to a secrets manager. Thanks again!

Cora (she/her) 03:01:21

committing secrets always felt risky. if you get the crypto wrong or someone finds a flaw in the crypto you're using then all your secrets are forever available in the git history, forcing a rotation. storing the secrets in a separate service that maintains proper encryption and security for you always felt safer

👍 1

nate 03:01:01

Absolutely, much safer to store in a separate service and inject it into the service at runtime so that it's never persisted anywhere in plain text.