credstash
Using Credstash is an alternative way to secrets.yaml
. They can be managed from the command line via the credstash script.
Before using credstash, you need to set up AWS credentials either via the aws
command line tool or using environment variables as explained in the AWS CLI documentation as well as creating a KMS key named credstash
as explained in the credstash Readme. After that is complete, you can use the provided script to add secrets to your Open Peer Power secret store in credstash.
$ opp --script credstash --help
To store a password in credstash, replace your password or API key with !secret
and an identifier in configuration.yaml
file.
example:
password: !secret example_password
Create an entry in your credstash store.
$ opp --script credstash put http_password 123
List your secrets.
$ opp --script credstash list