I was wondering if there is a safe way to have different API/private keys stored on my machine; this helps create helpful deployment and automation scenarios. However, having the keys reside in files seems a bit dangerous to me. Maybe there is a better, more secure way to store them?
HashiCorp Vault is simple to run and has an HTTP API and CLI.
But you want as little hassle as possible, of course. I didn't require high availability, but liked coding to the Vault API so I could go there later. I wanted to store and administer secrets in encrypted YAML, which I could then batch load into HashiCorp Vault. I use Ansible Vault to manage the encrypted YAML file with a passphrase.
To this end I created Safe, a tool to run HashiCorp Vault and load secrets from YAML in a single command. See https://gitlab.com/nerdalize/safe. It requires Docker, the bash script (and Ansible Vault or some other file encryption util).
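As an added example (not part of the original answer and not code from the Safe project), the batch load described above can be sketched in Python against Vault's KV v2 HTTP API. The nested YAML layout, the `secret` mount, and the function names are assumptions; the decrypted YAML is read from a pipe so the plaintext never lands in a file.

```python
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of the decrypted YAML after parsing (assumed layout).
SAMPLE = {
    "deploy": {
        "aws": {"access_key": "AKIA-CONSTRUCTED", "secret_key": "constructed"},
        "gitlab": {"token": "constructed"},
    }
}

def secret_writes(tree, prefix=""):
    """Yield (path, fields) for each mapping whose values are all scalars."""
    if not isinstance(tree, dict) or not tree:
        raise ValueError(f"expected a non-empty mapping at '{prefix or '/'}'")
    if all(not isinstance(v, (dict, list)) for v in tree.values()):
        if not prefix:
            raise ValueError("top-level scalars have no secret path")
        yield prefix, dict(tree)
        return
    for key, value in tree.items():
        if not isinstance(value, dict):
            raise ValueError(f"'{prefix or '/'}' mixes fields and sub-paths")
        yield from secret_writes(value, f"{prefix}/{key}" if prefix else str(key))

def build_request(addr, token, mount, path, fields):
    """KV v2 write: POST <addr>/v1/<mount>/data/<path>, body {"data": fields}."""
    return urllib.request.Request(
        f"{addr.rstrip('/')}/v1/{mount}/data/{urllib.parse.quote(path)}",
        data=json.dumps({"data": fields}).encode(),
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
        method="POST",
    )

def main():
    import yaml  # PyYAML (assumed installed); needed only for a real run
    addr = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
    token = os.environ["VAULT_TOKEN"]  # from the environment, never argv
    tree = yaml.safe_load(sys.stdin)  # plaintext arrives on a pipe, not a file
    for path, fields in secret_writes(tree):
        with urllib.request.urlopen(build_request(addr, token, "secret", path, fields)):
            print(f"wrote secret/{path} ({len(fields)} fields)")  # never the values

if __name__ == "__main__":
    main()
```

Saved under a file name of your choosing, the script is fed by piping the output of `ansible-vault view` on the encrypted YAML file into it, with `VAULT_ADDR` and `VAULT_TOKEN` set in the environment.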