how to store secrets outside of .dotfiles?

[jesperronn]

Maybe I am missing the obvious. but where do I store secret keys for AWS, Heroku, etc and still have them loaded via dotfiles?

What would be my prefered way of doing that?

[Brzhk]

Hey there,
The simplest solution would be to leave theses secret-containing files on a different medium you can trust - maybe a simple USB Key would be enough for you. However, if you want to store theses files publicly and still be able to hide your secret, i suggest looking into theses:

• use git-crypt to cipher and decipher your files as you commit / checkout
• Use ansible & ansible-vault to deploy your dotfiles.

The Ansible way is, by far, my favorite solution so far. It's an amazing tool you will probably find useful one way or another, and is, in my opinion, worth looking into.
If you need a more custom/complex solution, you can maybe build a custom system on top of other kind of products... maybe hashicorp vault?

[gMagicScott]

I've been using LastPass for that since they now have a CLI tool.

export SAAS_SECRET=`lpass show sass_seceret --password`

[strong-code]

Used @gMagicScott suggestion and it worked perfectly as I required tokens in some commands.

Example:

curl -F file=@'foo.txt' -F uuid=$(lpass show --notes uuid_token) http://myhost.com