Storing Infrastructure Secrets in Script

When migrating your organizations culture to the DevOps way automation is a key component. Not only automation of builds and testing but also automation of infrastructure components. As I’m sure most readers are aware the build out of infrastructure components usually requires elevated permissions using credentials that we would prefer not be widely published. How do we accomplish this level of automation while still keeping the necessary elevated permissions secure and still allow team members that don’t necessarily have required permissions to run the scripts?
Below are a few examples of secure credentials storage in infrastructure scripts.
PowerShell:https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/
AWS KMS:https://blog.fugue.co/2015-04-21-aws-kms-secrets.html
CyberArk:http://www.cyberark.com/solutions/by-project/application-credential-security/

Leave a Reply

Your email address will not be published. Required fields are marked *