Then you need a different secret in the application: the key to the data in the ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

JoshTriplett on April 11, 2017 | parent | context | favorite | on: Crypto Tools for DevOps: Git-Crypt – Tozny

Then you need a different secret in the application: the key to the data in the S3 buckets.

Ultimately, you have to supply at least one secret to the application at runtime, and then it can bootstrap its way to others if needed.

jonesetc on April 11, 2017 [–]

All you need are the same IAM secrets that you already needed for terraform. Keeping the state out of repos and in encrypted buckets is definitely the way to go.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact