note
stonecolddevin
<p>what in the hell does LDAP, PAM or anything else you mentioned have to do with separating credentials from code? Those all still require credentials, they are not credential token stores.</p><p>Something like [https://devcenter.heroku.com/articles/config-vars] or [https://kubernetes.io/docs/concepts/configuration/secret/] or [https://www.vaultproject.io/] or [https://aws.amazon.com/blogs/security/how-to-manage-secrets-for-amazon-ec2-container-service-based-applications-by-using-amazon-s3-and-docker/|a secure s3 bucket] would all have been great answers. Hell, we used to use a mysql db with encrypted credentials over a REST interface as a token store.</p> <!-- Node text goes above. Div tags should contain sig only -->
<div class="pmsig"><div class="pmsig-203787">
<p>Three thousand years of beautiful tradition, from Moses to Sandy Koufax, <b>you're god damn right I'm living in the fucking past</b></p>
</div></div>
1195056
1195075