2022-08-22 · 1 min read
EJSON is a small library to manage encrypted secrets using asymmetric encryption.
- Github: https://github.com/Shopify/ejson
- Related: https://github.com/Shopify/ejson2env
- Similar: ejson-kms (AWS), mozilla SOPS, sy - share secrets safely
The main benefits provided by
- Secrets can be safely stored in a git repo.
- Changes to secrets are auditable on a line-by-line basis with
- Anyone with git commit access has access to write new secrets.
- Decryption access can easily be locked down to production servers only.
- Secrets change synchronously with application source (as opposed to secrets provisioned by Configuration Management).
- Simple, well-tested, easily-auditable source.