
Show HN: Ejson-kms a tool for managing secrets in source control using AWS KMS - akohlbecker
https://github.com/adrienkohlbecker/ejson-kms
======
akohlbecker
Hey guys,

Here is a little project I've been working on for the past few days. It is a
utility for managing a collection of secrets in source control using AWS KMS,
heavily inspired by Shopify's ejson and credstash.

The secrets are encrypted using secret-key cryptography, using key wrapping
with a master key stored on HSM-backed storage at AWS. Encrypted secrets are
stored in a JSON file that can easily be shared and versioned.

Feedback welcome :)

PS: Shameless plug, I'm currently looking for a job as a Go developer. Ping
me at adrien.kohlbecker [at] gmail if you like what you see!
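
The key-wrapping scheme described in the post above, as an added example that is not part of the original post or the ejson-kms code: each secret is sealed under its own data key, and only that data key is encrypted under the master key. The local `master` buffer stands in for the KMS-held key so the sketch runs offline, and the field names and the AES-256-GCM layout are assumptions, not the tool's file format.

```javascript
const nodeCrypto = require('crypto');

// Seal with AES-256-GCM; output is base64(nonce || tag || ciphertext), aad is authenticated.
function seal(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(aad));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]).toString('base64');
}

// Reverse of seal(); final() throws if the key, aad, or any byte does not match.
function open(key, sealed, aad) {
  const buf = Buffer.from(sealed, 'base64');
  if (buf.length < 28) throw new Error('sealed value too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, buf.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(buf.subarray(12, 28));
  return Buffer.concat([d.update(buf.subarray(28)), d.final()]);
}

// Fresh data key per secret, wrapped under the master key. `master` is a local
// stand-in (assumption) for the KMS-held key; field names are hypothetical.
function encryptSecret(master, name, value) {
  const dataKey = nodeCrypto.randomBytes(32);
  const entry = {
    name,
    wrapped_key: seal(master, dataKey, name), // name as aad pins the entry to its label
    ciphertext: seal(dataKey, Buffer.from(value, 'utf8'), name),
  };
  dataKey.fill(0); // do not keep the plaintext data key around
  return entry;
}

function decryptSecret(master, entry) {
  const dataKey = open(master, entry.wrapped_key, entry.name);
  try {
    return open(dataKey, entry.ciphertext, entry.name).toString('utf8');
  } finally {
    dataKey.fill(0);
  }
}

// Constructed demo: the JSON below is what would be committed to source control.
const demoMaster = nodeCrypto.randomBytes(32);
const demoEntry = encryptSecret(demoMaster, 'db_password', 'constructed-sample-value');
console.log(JSON.stringify([demoEntry], null, 2));
```

With a real KMS-held master key the unwrap step happens inside the service, so a checked-out copy of the JSON file holds nothing that decrypts on its own.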

~~~
areox
Hi Adrien, sounds nice. Have you already had the chance to test it in some
project of yours?

~~~
akohlbecker
Thanks! I'm using it in production right now to deploy a few docker containers
on AWS. This has grown from our previous use of EJSON and the need to forego
setting up the private key on the local filesystem.

