credentials- Secure Credentials Storage and Distribution

credentials- Secure Credentials Storage and Distribution

This library provides a unified interface for managing secure, shared credentials. It uses Amazon Key Management Service (KMS) for master key management, locally encrypts and decrypts secrets, which are then stored in any of the supported storage backends. (Currently DynamoDB.)

The use-case is to avoid storing sensitive information such as passwords and connection strings in plaintext in places such as source control or on developers' machines. Instead you can securely administer and distribute secrets, leveraging Amazon's IAM policies for access control and permissions to ensure limited read-only permissions from production/deployed hosts. You can embed this library into projects such as web applications to securely retrieve sensitive information such as database passwords or private keys on startup.

A complementary CLI for management of credentials can be installed via credentials-cli.

You can read more about other use-cases and prerequisites here.