You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
### Store your secrets encrypted in a git repository
**Advantages**
* Your secrets are synced.
No, no no no no no,
No.
No.
Secrets have no place in version control - they shouldn't be distributed, they shouldn't be in version control.
If the secrets are encrypted and in version control that's even worse because you have to distribute the private key for them as well, sooner or later this will inevitably end up in your repository.
Once the secrets (and worse - potentially your private key too) are in version control (and heaven forbid outside of a network you control), you are relying completely on software you likely don't have control over to ensure these secrets remain exactly that; secret.
This is before you get to the issue of there suddenly being zero accountability, if you're using something like AWS and using a non-free service and everyone's using the same set of credentials there's no way of keeping track of who's running up the bill.
Secrets need to be exactly that - secret, bonus points if they're also easy to revoke and replace.
The text was updated successfully, but these errors were encountered:
By opening a private repository that hosts all of the secrets, it opens up a new attack vector. Often people will sign up for random services and use the GitHub integration; often, they don't review what the service is allowed to see. This is another attack vector. As DLMousey said above, you are relying on software outside of your network to be in control rather.
No, no no no no no,
No.
No.
Secrets have no place in version control - they shouldn't be distributed, they shouldn't be in version control.
If the secrets are encrypted and in version control that's even worse because you have to distribute the private key for them as well, sooner or later this will inevitably end up in your repository.
Once the secrets (and worse - potentially your private key too) are in version control (and heaven forbid outside of a network you control), you are relying completely on software you likely don't have control over to ensure these secrets remain exactly that; secret.
This is before you get to the issue of there suddenly being zero accountability, if you're using something like AWS and using a non-free service and everyone's using the same set of credentials there's no way of keeping track of who's running up the bill.
Secrets need to be exactly that - secret, bonus points if they're also easy to revoke and replace.
The text was updated successfully, but these errors were encountered: