ejson (Shopify)

2022-08-22 · 1 min read

EJSON is a small library to manage encrypted secrets using asymmetric encryption.

• Github: https://github.com/Shopify/ejson
• Related: https://github.com/Shopify/ejson2env
• Similar: ejson-kms (AWS), mozilla SOPS, sy - share secrets safely

The main benefits provided by ejson are:

• Secrets can be safely stored in a git repo.
• Changes to secrets are auditable on a line-by-line basis with git blame.
• Anyone with git commit access has access to write new secrets.
• Decryption access can easily be locked down to production servers only.
• Secrets change synchronously with application source (as opposed to secrets provisioned by Configuration Management).
• Simple, well-tested, easily-auditable source.