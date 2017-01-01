Hacker News new | comments | show | ask | jobs | submit login
Rails 5.1.0.rc1: Loving JavaScript, System Tests, Encrypted Secrets, and More (rubyonrails.org)
25 points by aaronbrethorst 1 hour ago | hide | past | web | 5 comments | favorite





The improved Javascript support sounds great, and I'd like to take a closer look at what they're doing with routes. I'm not feeling the idea of checking encrypted secrets into source control, though.

That feels like asking for troubles. I guess it would be okay if everything about the whole encryption system is 100% perfect, but what are the odds of that? If you've ever published a version of the encrypted secrets anywhere public and a bug in the way they use encryption is ever discovered, then all of your secrets are exposed, possibly for an unknown amount of time without you ever knowing. I don't see why you would bother with the risk and trouble when keeping them entirely secret seems much harder to mess up.

reply


I guess it would be okay if everything about the whole encryption system is 100% perfect, but what are the odds of that?

Pretty high? Encrypted secrets are used a lot for companies that host their version control system on-prem.

reply


Encrypted secrets checked into source control is an anti-pattern.

reply


Yes, please expand. We're using encrypted secrets part of our Ansible Playbooks. It hasn't let us down yet.

reply


Can you expand on this?

We're doing encrypted secrets in config that get decrypt by aws kms on application startup and it's been working quite well for us.

reply




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: