secrets

[tloudon]

Hi @aarontc,

We will need some way to manage usernames/passwords/api keys. Do you have a preference here? Should we create some dummy gmail, twitter, slack accounts and share the credentials offline for easier testing/QA?

Thanks!

//cc @danascheider

[aarontc]

@tloudon,

My preference for storing secrets is to either use environment variables on the host, or a configuration file (YAML/JSON) stored outside of the git checkout path. Environment variables are easier if the service is to be dockerized.

Dummy accounts would be great for integration testing. I'd be fine with sharing them offline or via GPG encrypted messages.

[tloudon]

env vars +1
re:dummy accts, sounds good.

[danascheider]

Yeah, I always use env vars. Where are we deploying this to @tloudon ?

[tloudon]

Hey @danascheider!

@aarontc thought he might have a server that could work. Otherwise, I'm happy to sponsor a little digital ocean box. Cool?

[aarontc]

I have capacity on my VM cluster colo'd in downtown PDX that I'm willing to donate, but I'm not opposed to other options if you have a different preference, @danascheider.

[danascheider]

I don't really have a preference - I don't imagine this being particularly vulnerable to security attacks and that's ordinarily a big consideration for me when deciding where to deploy to.