credstash


Using Credstash is an alternative way to secrets.yaml. They can be managed from the command line via the credstash script.

Before using credstash, you need to set up AWS credentials either via the aws command line tool or using environment variables as explained in the AWS CLI documentation as well as creating a KMS key named credstash as explained in the credstash Readme. After that is complete, you can use the provided script to add secrets to your Open Peer Power secret store in credstash.

$ opp --script credstash --help

To store a password in credstash, replace your password or API key with !secret and an identifier in configuration.yaml file.

example:
  password: !secret example_password

Create an entry in your credstash store.

$ opp --script credstash put http_password 123

List your secrets.

$ opp --script credstash list