
Show HN: Credstash – A tiny Python utility for managing secrets in EC2 - _alex_
https://github.com/LuminalOSS/credstash
======
kolev
Why DynamoDB and not, let's say, SimpleDB? I'm sorry but isn't this "tiny"
utility coming with huge requirements indeed?

~~~
_alex_
SimpleDB is deprecated, more expensive than DDB, and kind of weird to use.
Backing your keystore with a deprecated service just sounds like a road to
many sleepless nights ;)

The utility does depend on three external services: DynamoDB, KMS, and IAM
(for permissioning). This might sound like a lot, but the target use case for
something like this is a fleet running in the cloud. If you're already running
in EC2, then using IAM roles to distribute AWS creds is a no-brainer and very
simple. KMS and DDB are also not arduous things to depend on if you're already
in the cloud.

For credstash, you need to set up your KMS key (and set whatever policies
around it make sense for you). Once you do that, there's nothing to manage.
Sure, you depend on DDB, but credstash creates the table for you, and unless
you need to dial up more throughput (which is a mouse-click operation), you
never have to touch it.

~~~
kolev
I am sorry, but how can DynamoDB be cheaper when I have to pay to provision
capacity and SimpleDB is practically free for low-volume stuff like this? S3
is probably an even better option, which seems to be on the roadmap,
thankfully.

~~~
athrun
DynamoDB is quite inexpensive at low usage levels. The Free Tier gives you:
"25 GB of Storage, 25 Units of Read Capacity and 25 Units of Write Capacity –
Enough to handle up to 200M requests per month"

DynamoDB's free tier doesn't expire after 12 months. (Source:
[http://aws.amazon.com/free/](http://aws.amazon.com/free/))

