by web007
3586 days ago
Using KMS is a good idea, but I'm not really sure what this package gives you - just a simple abstraction / cmdline to deal with it? This would be better if it could use the aliases directly, so you could have one config across N environments and separate them by AWS keyspace. Having to embed the full KMS path for each key gains you the secret management they claim (which is a good thing) but sacrifices ease of use. That said, aliases wouldn't help with missing secrets or misconfiguration across environments, and it's a lot easier to audit string-for-string to match your KMS store, so either approach has its pluses and minuses.