Path: csiph.com!usenet.pasdenom.info!goblin3!goblin.stu.neva.ru!panix!roy From: Roy Smith Newsgroups: comp.lang.python Subject: Re: [OT] Testing and credentials best practices? Date: Sun, 20 Apr 2014 14:32:31 -0700 Organization: PANIX Public Access Internet and UNIX, NYC Lines: 23 Message-ID: References: <267e12d3-ea01-4886-bfa7-5c7270adbe92@googlegroups.com> NNTP-Posting-Host: localhost X-Trace: reader1.panix.com 1398029551 19666 127.0.0.1 (20 Apr 2014 21:32:31 GMT) X-Complaints-To: abuse@panix.com NNTP-Posting-Date: Sun, 20 Apr 2014 21:32:31 +0000 (UTC) User-Agent: MT-NewsWatcher/3.5.3b3 (Intel Mac OS X) Xref: csiph.com comp.lang.python:70431 In article <267e12d3-ea01-4886-bfa7-5c7270adbe92@googlegroups.com>, Miki Tebeka wrote: > Greetings, > > How do you deal with tests (both on dev machine and Jenkins) that need > credentials (such as AWS keys)?. I know of the following methods: > > 1. Test user with known (stored in source control) limited credentials > 2. ~/.secrets (or any other known location) RC file which is not in source > control > 3. Credentials service (such as ZooKeeper) accessed only from VPN > 4. Credentials pre user encrypted (gpg) and stored in source control > > What method are you using? Are there any best practices in the subject? We've been looking at using etcd to store credentials (essentially the same solution as zookeeper). It seems like the right way to go. So far, my impression of etcd is "neat, promising, not ready for prime time yet" (to be fair, the etcd folks don't claim it's stable yet). ZooKeeper at least has the advantage of being in production use for a long time, so it should be pretty bullet-proof.