Deploy secrets and git - why you should not combine them

I've seen a few recent tips and tricks being published about how to store deploy secrets: the configuration items, keys and other things you normally don't want public, or even in the same repo as the other parts of a deploy stack. I thought I would make a quick post about why I think it's a bad idea.

The first issue that came to mind was that a simple mistake in setting up your git environment could lead you to accidentally push secrets in cleartext without realizing it. Sure, the data is stored encrypted and you would need to check out using the key, but how many times have you copied whole directories over from one project to another from the command line?
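One way to put a guard on that accident, as an added example that is not code from this post: a pre-commit style check that refuses staged files under a secrets path unless their bytes look like ciphertext (a plaintext `KEY=value` line or low entropy fails it). The directory prefixes, the entropy threshold and the sample contents are assumptions constructed for the example.

```python
"""Pre-commit guard: files under a secrets path must be ciphertext, not plaintext.
Added example; the secrets layout below is an assumption, not from the post."""
import hashlib
import math
import re

SECRET_PREFIXES = ("deploy/secrets/", "config/credentials/")  # assumed layout

# A line such as "DB_PASSWORD=..." or "api_key: ..." is a strong plaintext signal.
_SECRET_ASSIGNMENT = re.compile(
    r"(?im)^\s*[\w.-]*(password|passwd|secret|token|api_key|private_key)[\w.-]*\s*[=:]"
)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, text config usually sits around 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_like_plaintext(data: bytes, min_entropy: float = 5.5) -> bool:
    """True when the blob is recognisable config or has too little entropy to be ciphertext."""
    if _SECRET_ASSIGNMENT.search(data.decode("latin-1")):
        return True
    # Entropy of a very short blob is unreliable, so rely on the pattern check alone there.
    return len(data) >= 64 and shannon_entropy(data) < min_entropy

def check_staged(files: dict) -> list:
    """Return the paths under a secrets prefix whose staged content is not ciphertext."""
    return [path for path, data in files.items()
            if path.startswith(SECRET_PREFIXES) and looks_like_plaintext(data)]

# Constructed samples: a plaintext env file and a random-looking blob standing in for ciphertext.
SAMPLE_PLAINTEXT = b"DB_HOST=db.internal\nDB_PASSWORD=hunter2\nAPI_KEY=abc123\n"
SAMPLE_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    staged = {"deploy/secrets/app.env": SAMPLE_PLAINTEXT,      # would be caught
              "deploy/secrets/app.env.enc": SAMPLE_CIPHERTEXT,  # passes
              "README.md": SAMPLE_PLAINTEXT}                    # outside the secrets path
    bad = check_staged(staged)
    if bad:
        raise SystemExit("refusing commit, plaintext under secrets path: " + ", ".join(bad))
    print("ok: every file under the secrets path is ciphertext")
```

In a real hook the `staged` dict would be filled from the index (for example `git show :<path>` for each staged file) rather than from the constructed samples.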

Another is about how encrypted text is attacked. Analysis is often done on the encrypted text as it changes over time, and now you have just given an attacker a known history of all changes.

But for me the real reason is part tech and part social engineering: usage of secret data should have a separate method of retrieval that makes you think about the fact that you are pulling secret data.

Sure, with the git repo storage method the data is encrypted unless the key is present, but once the git config is set up you may not realize that a project has secret data when you're reviewing the files, because they are all unprotected on the local system that has the keys present.

If you have to run a distinctly different command set or tool to get secret data, then you are reminded each and every time that this environment is special and needs to be protected, and IMO that is a good thing.

Edit: missing period and small change to "a known history" sentence
