If you're running in AWS, you can also make use of Parameter Store, which seems to fly under the radar for a lot of people (being buried three layers deep inside another product probably contributes to that). It allows you to set general configuration parameters, as well as secrets which are encrypted at rest using KMS. At my job, we're starting to use Parameter Store a lot, even when we're testing our applications locally. Our keys never have to live on our machines - as long as we're logged into the AWS CLI, our apps can access them in the same way they would in production.
If you're running in AWS, you can also make use of Parameter Store, which seems to fly under the radar for a lot of people (being buried three layers deep inside another product probably contributes to that). It allows you to set general configuration parameters, as well as secrets which are encrypted at rest using KMS. At my job, we're starting to use Parameter Store a lot, even when we're testing our applications locally. Our keys never have to live on our machines - as long as we're logged into the AWS CLI, our apps can access them in the same way they would in production.
Hi Joseph. Thanks for sharing information about the AWS Parameter Store! I didn't know about it, and it certainly looks like a good solution.