
ECS and Vault: Shhhhh I have a secret - kiyanwang
https://www.kickstarter.com/backing-and-hacking/ecs-and-vault-shhhhh-i-have-a-secret
======
koolba
This will break _badly_ if you have whitespace in your environment variable
names or values:

    
    
        export $(envconsul -once -config="/envconsul-config.hcl" env | xargs)
    

What they really should do is add an "\--as-exports" option that outputs lines
of properly escaped "export FOO=<value>" lines. That output could then be
processed in a script via:

    
    
        envconsul --as-exports | source /dev/stdin

------
flurdy
I did not realise this was a tech blog by kickstarter themselves. I kept
looking for where do I back this project. I thought maybe this was a new "back
a howto or integration example" feature... Its early, my brain is not yet
awake.

------
nodesocket
Any idea if Kickstarter looked at secret store alternatives such as Square
Keywhiz[1] or Sneaker[2]?

    
    
      [1] https://square.github.io/keywhiz/
      [2] https://github.com/codahale/sneaker

~~~
ktheory
(Kickstarter staff here.)

We did. Those are great projects.

Personally, I see Vault having a lot of community momentum behind it; and it
can easily solve some complicated security infrastructure beyond storing
secrets (the PKI, MySQL & ssh secret backends are particularly compelling).

------
otterley
How are you garbage collecting the S3 objects?

