DEV Community

Discussion on: How to securely store API keys

Jason Gabler

Where do you store the encryption keys that you use to encrypt the keys you've stored on GitHub? Chicken? Egg?

Jeroen Jacobs

I suffer from the same dilemma all the time. I considered HashiCorp Vault as a credentials store, but you still need an access token to access the stored credentials, which means I need to store this token somewhere in my deployment tool (in my case, Ansible). Ansible has the ability to encrypt variables, but then I need to store that encryption key somewhere too. If you are automating all deployments (like I do), then you always need to store a secret somewhere. It's a never-ending cycle...

Jason Gabler

I suppose it's a matter of figuring out the most secure egg (or chicken, if you prefer), a lesser of all the evils. Meh.