Hacker News new | past | comments | ask | show | jobs | submit login

Ansible handles this issue very cleanly with a feature called "vault": http://docs.ansible.com/playbooks_vault.html

I think it probably works better integrated into the deployment system. The developer can still write {{ DBPASSWORD }} wherever they need and not have to worry that they don't know what the password on production or staging is.




The README.md explains how to do this cleanly with Puppet and Hiera.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: