georgej

Reputation: 3311

Storing Amazon S3 keys in private repo

Is it safe for me to store my Amazon S3 keys/secrets in a private Github repo? I know that it is not safe for a public repo but I am wondering if a private repo is safe?

Upvotes: 5

Views: 909

Answers (2)

Madhan S

Reputation: 937

@VonC is correct, but if you don't want to set up and maintain Vault, you can consider using AWS Parameter Store (https://aws.amazon.com/ec2/systems-manager/parameter-store/) to store your secret keys, which is a lot easier.

Upvotes: 2

VonC

Reputation: 1324937

As mentioned in the GitHub Security page:

"We do not encrypt repositories on disk because it would not be any more secure: the website and git back-end would need to decrypt the repositories on demand, slowing down response times"

So if there is any leak (like in 2012), your data is out as well.
You can see that approach being criticized in this thread.

I would recommend an external service that you control for your secrets.
For instance, HashiCorp Vault is a good one.

Upvotes: 4
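
Whichever external store holds the secrets, the keys also have to stay out of the repository itself. The following is an added example, not part of either answer: a minimal Git pre-commit check in Python that flags AWS access key IDs and secret access keys in staged files. The function names and sample config are constructed for illustration, and the key values are the placeholder keys from AWS's documentation.

```python
import re
import subprocess
import sys

# Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-alphabet characters; to limit false positives,
# only flag them when assigned to a name that looks like an AWS secret key setting.
SECRET_KEY = re.compile(
    r"aws_?secret(?:_?access)?_?key\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)

# Constructed sample input using AWS's documentation placeholder credentials.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
"""

def scan_text(path, text):
    """Return (path, line number, kind) for each suspected credential; never the value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if ACCESS_KEY_ID.search(line):
            findings.append((path, lineno, "access-key-id"))
        if SECRET_KEY.search(line):
            findings.append((path, lineno, "secret-access-key"))
    return findings

def staged_findings():
    """Scan the staged (index) version of every added, copied or modified file."""
    names = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
        capture_output=True, text=True, check=True,
    ).stdout.splitlines()
    findings = []
    for name in names:
        blob = subprocess.run(["git", "show", f":{name}"],
                              capture_output=True, check=True).stdout
        findings += scan_text(name, blob.decode("utf-8", errors="replace"))
    return findings

if __name__ == "__main__":
    hits = staged_findings()
    for path, lineno, kind in hits:
        print(f"{path}:{lineno}: possible AWS {kind}")
    sys.exit(1 if hits else 0)  # non-zero exit makes Git abort the commit
```

Saved as an executable `.git/hooks/pre-commit`, the script blocks the commit when it finds a match. A key that was already committed remains in history and should be rotated.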
