Store Amazon S3 keys in a private repo
2 answers
As stated on the GitHub Security page:
We do not encrypt the repos on disk because it will not be more secure: the website and git will need to decrypt the repositories on demand to shutdown, slowing down the response time
So, if there is any leak (as in 2012), your data is also missing.
You can see that the approach is being criticized in this thread.
I would recommend an external service that you monitor for your secrets.
For example, HashiCorp Vault is good.
+3
@vonc is correct, but if you don't want to configure and maintain the store, you might want to consider using the AWS Parameter Store (https://aws.amazon.com/ec2/systems-manager/parameter-store/) to store your secret keys, which is much easier.
0
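One way an application can read its S3 keys from Parameter Store at start-up instead of from the repository, as an added example that is not part of either answer. The `/myapp/s3/` path and the two parameter names are assumptions, and `FakeSSM` is a constructed stand-in for `boto3.client("ssm")` so the code runs offline.

```python
REQUIRED = ("access_key_id", "secret_access_key")  # assumed parameter names


def load_s3_credentials(ssm, prefix="/myapp/s3/"):
    """Read the S3 key pair from SecureString parameters stored under prefix.

    ssm is a boto3 SSM client, or any object with get_parameters_by_path.
    """
    if not prefix.endswith("/"):
        prefix += "/"
    found, token = {}, None
    while True:
        kwargs = {"Path": prefix, "WithDecryption": True}
        if token:
            kwargs["NextToken"] = token
        page = ssm.get_parameters_by_path(**kwargs)
        for p in page.get("Parameters", []):
            # Refuse plaintext String parameters: secrets must be encrypted at rest.
            if p["Type"] != "SecureString":
                raise ValueError(f"{p['Name']} is {p['Type']}, expected SecureString")
            found[p["Name"][len(prefix):]] = p["Value"]
        token = page.get("NextToken")
        if not token:  # results are paginated; stop only when no token is returned
            break
    missing = [k for k in REQUIRED if k not in found]
    if missing:
        raise KeyError(f"missing parameters under {prefix}: {missing}")
    return {k: found[k] for k in REQUIRED}


class FakeSSM:
    """Constructed stand-in for boto3.client('ssm'); serves one item per page."""
    def __init__(self, params):
        self.params = params

    def get_parameters_by_path(self, Path, WithDecryption, NextToken=None):
        start = int(NextToken or 0)
        items = [p for p in self.params if p["Name"].startswith(Path)]
        page = {"Parameters": items[start:start + 1]}
        if start + 1 < len(items):
            page["NextToken"] = str(start + 1)
        return page


SAMPLE = [  # constructed values, not real credentials
    {"Name": "/myapp/s3/access_key_id", "Type": "SecureString", "Value": "EXAMPLE-KEY-ID"},
    {"Name": "/myapp/s3/secret_access_key", "Type": "SecureString", "Value": "constructed-secret"},
]

if __name__ == "__main__":
    # Against real AWS: import boto3 and pass boto3.client("ssm") instead of FakeSSM.
    print(sorted(load_s3_credentials(FakeSSM(SAMPLE))))  # print names only, never values
```

With real AWS access, the role running the application needs permission to read that path and to decrypt with the KMS key protecting the parameters.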