DEV Community


Discussion on: Only code goes into a repository, right?

bernadusedwin

If your team members are not familiar with git or hg, use Dropbox. Dropbox has history versioning; use it for emergency cases.

jbristow
Jon Bristow • Edited

Dropbox has access to the keys that encrypt the files you put on it. Now you have to encrypt your files first and then store them on Dropbox. Then how do you pass the secrets required to decrypt?

I prefer to use GPG solutions to send sensitive data. The only problem is that people are scared of a lot of the tools. Keybase is a decent tool so far, but it's got some warts still from the UI side. (It's way easier if you understand some of its design decisions re: GPG).

Our solution for long-lived secrets is PwSafe, and rotating its access key frequently (I think we're up to monthly) and then disseminating that key to our team via GPG.

For deployment stuff, we're mainly just using KMS keys and super restrictive roles. In our long-term CD strategy, we're working on choosing a more scalable solution (like Vault).
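An added example, not code from either commenter: the "encrypt first, then sync" workflow Jon describes, with GPG encrypting a secrets file to every team member's public key so the sync provider only ever holds ciphertext and the decryption capability stays with the members' private keys. It runs entirely in a throwaway GNUPGHOME; the keys, the addresses alice@example.com and bob@example.com, the `Dropbox` directory and the file contents are all constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): encrypt a secrets file to team members'
# GPG public keys before it is dropped into a synced folder, so the provider
# stores ciphertext it cannot open. Requires gpg 2.1+ on PATH.
set -euo pipefail

WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/gnupg"       # throwaway keyring for the demo
mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
SYNC_DIR="$WORK/Dropbox"             # stands in for the synced folder (constructed)
mkdir -p "$SYNC_DIR"

# Generate an unprotected test key for one team member. Demo only: real member
# keys carry a passphrase and the private half never leaves the member's machine.
gen_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$1" default default never >/dev/null 2>&1
}

# Encrypt file $1 to every recipient listed after it, writing <name>.gpg into
# SYNC_DIR. The plaintext is never copied into the synced folder.
encrypt_for_team() {
  local src="$1"; shift
  [ "$#" -ge 1 ] || { echo "need at least one recipient" >&2; return 1; }
  local args=()
  for r in "$@"; do args+=(--recipient "$r"); done
  gpg --batch --quiet --yes --trust-model always "${args[@]}" \
      --output "$SYNC_DIR/$(basename "$src").gpg" --encrypt "$src"
}

# Decrypt $1 to stdout using the current keyring (a team member's view).
decrypt_file() {
  gpg --batch --quiet --decrypt "$1" 2>/dev/null
}

# Simulate the provider's view: a keyring with no private keys at all.
# Returns non-zero because no secret key matches the encrypted session key.
provider_can_decrypt() {
  local view="$WORK/provider-view"
  mkdir -p "$view" && chmod 700 "$view"
  GNUPGHOME="$view" gpg --batch --quiet --decrypt "$1" >/dev/null 2>&1
}

# Returns 0 if the secret string $2 appears verbatim in file $1 (a leak check).
contains_secret() {
  grep -q "$2" "$1"
}

run_demo() {
  gen_key "alice@example.com"
  gen_key "bob@example.com"
  printf 'DB_PASSWORD=hunter2\n' > "$WORK/secrets.env"   # constructed sample secret
  encrypt_for_team "$WORK/secrets.env" alice@example.com bob@example.com
  rm -f "$WORK/secrets.env"                                # plaintext lives only in memory/working copies
  echo "ciphertext written to $SYNC_DIR/secrets.env.gpg"
  echo "alice decrypts: $(decrypt_file "$SYNC_DIR/secrets.env.gpg")"
  if provider_can_decrypt "$SYNC_DIR/secrets.env.gpg"; then
    echo "provider could decrypt (unexpected)"
  else
    echo "provider without a private key cannot decrypt (expected)"
  fi
}

run_demo
```

Adding a new team member means re-encrypting the file to the enlarged recipient list; removing one means re-encrypting and rotating the secrets inside, since the departing member's key already decrypted the old ciphertext. Key rotation of the kind Jon describes for PwSafe fits the same shape: the new access key is the plaintext, and the team's public keys are the recipients.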