Storing Kamal secrets in AWS Secrets Manager and deploying to a cheap Hetzner VPS
The article discusses how to securely store API keys using AWS Secrets Manager while deploying applications with Kamal on a Hetzner VPS. It highlights the importance of avoiding plaintext secrets for compliance with regulations like SOC 2 and GDPR. The author provides a step-by-step guide for setting up the necessary configurations and permissions.
- ▪Kamal is a deployment tool that, by default, stores secrets in plaintext files, which poses security risks.
- ▪Using AWS Secrets Manager allows for secure storage of API keys and compliance with regulations.
- ▪The author outlines steps for configuring a Hetzner VPS and integrating it with AWS Secrets Manager.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 375077) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Derrick Amenuve Posted on May 23 Storing Kamal secrets in AWS Secrets Manager and deploying to a cheap Hetzner VPS #rails #kamal #devops #deployment I ran into a problem with Kamal. My .kamal/secrets file was full of API keys sitting in plaintext on my laptop. Anyone with access could read them all. TLDR; Use Kamal with AWS Secrets Manager and deploy to a Hetzner VPS. No plaintext secrets, cheap hosting, compliance happy. The problem Kamal is great for deploying apps.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
