re: Only code goes into a repository, right? VIEW POST

TOP OF THREAD FULL DISCUSSION
re: If your member team is not familiar git or hg, use dropbox. Dropbox has history versioning, use it for emergency case
 

Dropbox has access to the keys that encrypt the files you put on it. Now you have to encrypt your files first and then store them on Dropbox. Then how do you pass the secrets required to decrypt?

I prefer to use GPG solutions to send sensitive data. The only problem is that people are scared of a lot of the tools. Keybase is a decent tool so far, but it's got some warts still from the UI side. (It's way easier if you understand some of its design decisions re: GPG).

Our solution for long-lived secrets is PwSafe, and rotating its access key frequently (I think we're up to monthly) and then disseminating that key to our team via GPG.

For deployment stuff, we're mainly just using KMS keys and super restrictive roles. In our long-term CD strategy, we're working on choosing a more scalable solution (like Vault)

code of conduct - report abuse