jm + credentials   3

aws-vault
'A vault for securely storing and accessing AWS credentials in development environments'.

Scott Piper says: 'You should not use the AWS CLI with MFA without aws-vault, and probably should not use the CLI at all without aws-vault, because of it's benefit of storing your keys outside of ~/.aws/credentials (since every once in a while a developer will decide to upload all their dot-files in their home directory to github so they can use the same .vimrc and .bashrc aliases everywhere, and will end up uploading their AWS creds).'
aws  vault  security  cli  development  coding  dotfiles  credentials  mfa 
18 days ago by jm
Shopify/ejson
'a small library to manage encrypted secrets using asymmetric encryption.'
The main benefits provided by ejson are:

Secrets can be safely stored in a git repo.
Changes to secrets are auditable on a line-by-line basis with git blame.
Anyone with git commit access has access to write new secrets.
Decryption access can easily be locked down to production servers only.
Secrets change synchronously with application source (as opposed to secrets provisioned by Configuration Management).
Simple, well-tested, easily-auditable source.
crypto  security  credentials  encryption  ejson  json  configuration  config 
july 2016 by jm
AWSume
'AWS Assume Made Awesome' -- 'Here are Trek10, we work with many clients, and thus work with multiple AWS accounts on a regular (daily) basis. We needed a way to make managing all our different accounts easier. We create a standard Trek10 administrator role in our clients’ accounts that we can assume. For security we require that the role assumer have multifactor authentication enabled.'
mfa  aws  awsume  credentials  accounts  ops 
april 2016 by jm

Copy this bookmark:



description:


tags: