by kaishiro 3200 days ago
Responding not so much with a solution but with a question. We currently encrypt files in place with gpg (secretKeys.json => secretKeys.json.encrypted) and have the source file (secretKeys.json) git ignored while the derivative file is just added to the repo.

This is admittedly a bit low tech, but could someone more well versed than me tell me what's wrong with this setup?

1 comments

Then as part of your code or deployment, your private key is on a server and some process decrypts it? It is low tech, but a good solution. Only concern would be how that private key is stored, and if it could be compromised. (edited)
Thanks czbond. And yeah, that's precisely the setup. Appreciate the response.
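
A check for the setup discussed in this thread, added here as an example and not code from any of the posters: it confirms the plaintext file is untracked and ignored, and that the committed derivative really begins with an OpenPGP encrypted-message header. The function names are hypothetical, it assumes it is run inside the repository work tree, and it inspects only the file header without decrypting anything.

```shell
#!/bin/sh
# Added example: sanity checks for the "encrypt in place, commit only the
# .encrypted file" setup. Nothing is decrypted and no key is needed.

# Succeeds if FILE starts like an OpenPGP encrypted message: either a
# binary packet whose tag is 1 (public-key encrypted session key) or
# 3 (symmetric-key encrypted session key), see RFC 4880 section 4.2,
# or the ASCII-armor header line.
is_openpgp_message() {
    f=$1
    [ -s "$f" ] || return 1
    b=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    if [ $((b & 128)) -ne 0 ]; then
        if [ $((b & 64)) -ne 0 ]; then
            tag=$((b & 63))            # new-format header: tag in bits 5-0
        else
            tag=$(((b >> 2) & 15))     # old-format header: tag in bits 5-2
        fi
        if [ "$tag" -eq 1 ] || [ "$tag" -eq 3 ]; then return 0; fi
        return 1
    fi
    if [ "$(head -c 27 "$f")" = "-----BEGIN PGP MESSAGE-----" ]; then
        return 0
    fi
    return 1
}

# Succeeds only if PLAIN is untracked and ignored, and ENC is tracked and
# looks encrypted. The tracked check comes first because an ignore rule
# has no effect on a file that was already added to the index.
check_secret_pair() {
    plain=$1
    enc=$2
    if git ls-files --error-unmatch -- "$plain" >/dev/null 2>&1; then
        echo "$plain is tracked by git" >&2; return 1
    fi
    git check-ignore -q -- "$plain" ||
        { echo "$plain is not git-ignored" >&2; return 1; }
    git ls-files --error-unmatch -- "$enc" >/dev/null 2>&1 ||
        { echo "$enc is not tracked" >&2; return 1; }
    is_openpgp_message "$enc" ||
        { echo "$enc does not look like OpenPGP output" >&2; return 1; }
    return 0
}
```

For example, `check_secret_pair secretKeys.json secretKeys.json.encrypted` could run from a pre-commit hook or a CI step.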