If it won't be simple, it simply won't be. [Hire me, source code] by Miki Tebeka, CEO, 353Solutions

Tuesday, August 24, 2021

Using gpg for Secrets

I'm using direnv in my project, and sometimes want to set secrets such as AWS_ACCESS_KEY_ID and friends. I usually have a file like:
export AWS_ACCESS_KEY_ID=ABCDEFGHIJK
export AWS_SECRET_ACCESS_KEY=ABCDEFGHIJK/lmnopqrstuvwxyz
export AWS_DEFAULT_REGION=us-east-1
However I don't want to store these values in the clear. The solution I found was to encrypt the file with gpg and then have the following line in the .envrc:
eval $(gpg -qdo- ../../../aws.sh.gpg) 

No comments:

Blog Archive