Open willcrain1 opened 7 years ago
Seems like there is at least an opportunity to refactor the dynamodb dependency so that the datasource is more modularized. If credstash is referencing a datasource interface, with a dynamodb implementation of that interface, then it would be more straightforward in the future to add new data persistence options. Currently the dependency between dynamodb and credstash is pretty pervasive.
@LeeAdcock I've done the modularisation already in my fork (https://github.com/3stack-software/credsmash) I just need to upstream it...
credsmash.storage_service
storage_service
option in the config to the name of your entry point.
(There's an example config in the bottom of https://github.com/3stack-software/credsmash/blob/master/HISTORY.md)
I would also like to see this happen. We're looking at using aurora instead of dynamodb for pricing/performance concerns.
there is a PR for that: https://github.com/fugue/credstash/pull/139
I do not know if this is still "really" open, but dynamo does support the usage of kms and you can create cross-region clusters to replicate secrets.
dynamodb currently does not support encryption at rest, as well as support for vpc endpoints. In order for a completely secure solution, we would need to add support for credstash to pull files from s3 which store credentials.