
Ask HN: Where to store sensitive keys? - level09
I was wondering if there is a safe way to have different API/private keys stored on my machine; this helps create helpful deployment and automation scenarios. However, having the keys reside in files seems to be a bit dangerous to me. Maybe there is a better, more secure way to store them?
======
feliksik
HashiCorp Vault is simple to run and has an HTTP API and CLI.

But you want as little hassle as possible, of course. I didn't require high
availability, but liked coding to the Vault API so I could go there later. I
wanted to store and administer secrets in encrypted YAML, which I could then
batch load into HashiCorp Vault. I use Ansible Vault to manage the encrypted
YAML file with a passphrase.

To this end I created Safe, a tool to run HashiCorp Vault and load secrets
from YAML in a single command. See
[https://gitlab.com/nerdalize/safe](https://gitlab.com/nerdalize/safe). It
requires Docker, the bash script (and Ansible Vault or some other file
encryption util).

------
rgacote
etcd ([https://github.com/coreos/etcd](https://github.com/coreos/etcd)) or one
of its variants is an option.

------
kspaans
If you use Puppet for deployments and management, you could use Hiera-Eyaml:
encrypted YAML. Then it's just a matter of managing the master key.

------
giaour
Take a look at HashiCorp's Vault

------
euroclydon
Put them in Environmental Variables in the same shell that starts the process.
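
The environment-variable approach from the comment above, as an added example that is not part of the original thread: a POSIX shell helper that reads a secret from stdin (typed without echo, or piped from a secret store's CLI) and exposes it only to the one child process it starts. The names `run_with_secret` and `API_KEY` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Names are hypothetical.
# Usage: run_with_secret VAR_NAME COMMAND [ARGS...]
# The secret never appears on a command line and is never exported
# into the calling shell; only COMMAND sees it in its environment.
run_with_secret() {
    var=$1
    shift
    # Accept only a valid environment variable name.
    case $var in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "run_with_secret: invalid variable name" >&2
            return 2 ;;
    esac
    if [ -t 0 ]; then
        # Interactive: prompt on stderr and turn terminal echo off.
        printf '%s: ' "$var" >&2
        stty -echo
        IFS= read -r secret || :
        stty echo
        printf '\n' >&2
    else
        # Non-interactive: first line of stdin is the secret.
        IFS= read -r secret || :
    fi
    if [ -z "$secret" ]; then
        echo "run_with_secret: empty secret" >&2
        return 1
    fi
    status=0
    (
        # Export inside a subshell so the parent shell stays clean,
        # then replace the subshell with the target command.
        export "$var=$secret"
        unset secret
        exec "$@"
    ) || status=$?
    unset secret
    return "$status"
}
```

On Linux a process's environment can still be read by the same user and by root through `/proc/<pid>/environ`, and it is inherited by any children the command starts, so this limits exposure rather than eliminating it.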

