Hacker News new | past | comments | ask | show | jobs | submit login

And before this you could implement Cloud KMS in your app to decrypt the encrypted secrets you can store in your repo.



This still seems ridiculous. Why did I need to keep secrets in my repo to begin with? GAE, as far as I can tell, has been the only major PaaS that hasn't offered a solution for this. It's so easy to get wrong...it contradicts one of the biggest rules of version control: keep your secrets out of your repo.


There are a million ways to do it that don't require Google? Your CI system builds the production image, it can get secrets from anywhere.


My CI system arguably shouldn't have access to production secrets any more than my developers' macbooks.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: