[dvektor]

I store my secrets in gpg encrypted files and inject them into my environment in my shell rc file.

AWS_SECRET_ACCESS_KEY=$(gpg -d ~/.secrets/aws/key.asc)

type of deal. its annoying to put in a password every time i open a new tmux pane but hey, better than plain text.

[mgarciaisaia]

That was what I did before knowing about shell-secrets. But I also need different "contexts" on the same domains/tools (different AWS accounts and credentials for different clients), and having none "set" by default prevents me from running _whatever command_ by mistake the majority of the time.

[viraptor]

If you're using more complicated systems than just a single root account, have a look at https://github.com/99designs/aws-vault too.