-
Notifications
You must be signed in to change notification settings - Fork 1
Competitor: AWS KMS
Kyle Kamperschroer edited this page Jan 26, 2016
·
1 revision
An encryption/decryption tool backed by some multi-tenant HSMs. Encrypted secrets then can be safely checked into source and decrypted when needed.
- Safer than storing secrets in source and safer than GitCrypt
- Not as worrying if encrypted secrets leak
- Encryption keys never leave the HSM
- No auditing
- Bad code allowing remote code execution exposes the secrets
- Rolling secrets requires full deployment