How can I save my secret keys and password securely in my version control system?

Question

I keep important settings like the hostnames and ports of development and production servers in my version control system. But I know that it\'s bad practice to kee

Answer 1

This is what I do:

• Keep all secrets as env vars in $HOME/.secrets (go-r perms) that $HOME/.bashrc sources (this way if you open .bashrc in front of someone, they won't see the secrets)
• Configuration files are stored in VCS as templates, such as config.properties stored as config.properties.tmpl

• The template files contain a placeholder for the secret, such as:

  my.password=##MY_PASSWORD##

• On application deployment, script is ran that transforms the template file into the target file, replacing placeholders with values of environment variables, such as changing ##MY_PASSWORD## to the value of $MY_PASSWORD.