burke
commented
9 years ago It's stored at the top of ejson files as of 1.0.0. For example: https://github.com/Shopify/shopify/blob/master/config/secrets.production.ejson#L2
This way, you don't need the key to add secrets, you just ejson encrypt <file>.
yagnik
hey @burke what do you think about saving the public key with the repo? It's pretty hard to ask ops give you public key from databag everytime we want to update keys.