
Ask HN: How do you store secret site credentials? - mmettler
The default option seems to be just put your secrets in the cloud somewhere. Other options seem to involve using a vault like 1Password (clunky), or gpg &amp; file encryption (messy). It seems that Hashicorp&#x27;s Vault should do this, but I can&#x27;t quite figure how.<p>Is there a good way to have credentials somehow checked in with your code?
======
tekronis
If you're using AWS, you can use Secrets Manager:
[https://aws.amazon.com/secrets-manager/](https://aws.amazon.com/secrets-
manager/)

------
mattbillenstein
We encrypt them with a secret not in the repo itself - part of our deploy
decrypts them as-needed.

edit: scripted in python via pynacl...

