-
Checking out the code, this line looks weird to me. https://github.com/fpco/terraform-aws-foundation/blob/d15768b3499638bba76c878e83659faa71741876/modules/credstash-grant-reader/main.tf#L54
Seems l…
-
Hey Team,
I'm considering the option of the creation of a shared/common credstash and as such require cross-account ARNs. Unless there is a smarter way of doing this.
note: I know you can grant…
-
it would be great if there was a templating feature similar the one implemented here https://github.com/winebarrel/gcredstash . this way go templating could be leveraged to inject secrets into all typ…
-
## Description
eMIS is being decommisioned (Sept 30, 2022) and we can clean up references to it in our services (proxies, etc.)
## Background/context
- https://github.com/department-of-veterans-affa…
-
You can configure dynamodb to cross region replicate. But there isn't a way to do it (from what i can tell) for configuring the `credstash setup` to do that
-
Anyone have any thoughts for what a backup/restore procedure would look like for the credential-store table? I'm thinking of how to pitch credstash in terms of diaster recovery, etc.
-
Storing them currently in `config.yaml` has these problems
* hard to have stage and prod
* risky as one could commit the file accidentally
* must be stored mode 0600 then changed to 0644 to be adde…
-
Out of the available solutions, research different options and identify a recommended solution for a small project. Both financial and administrative costs are a factor here with a preference for simp…
-
hmac was stored as a hex encoded string, but is now stored as a hex encoded binary value. This change appears unintentional, and secrets stored this way cannot be read using older versions of credstas…
-
dynamodb currently does not support encryption at rest, as well as support for vpc endpoints. In order for a completely secure solution, we would need to add support for credstash to pull files from …