Comment by dvektor
9 months ago
I store my secrets in gpg encrypted files and inject them into my environment in my shell rc file.
AWS_SECRET_ACCESS_KEY=$(gpg -d ~/.secrets/aws/key.asc)
type of deal. its annoying to put in a password every time i open a new tmux pane but hey, better than plain text.
That was what I did before knowing about shell-secrets. But I also need different "contexts" on the same domains/tools (different AWS accounts and credentials for different clients), and having none "set" by default prevents me from running _whatever command_ by mistake the majority of the time.
If you're using more complicated systems than just a single root account, have a look at https://github.com/99designs/aws-vault too.