Safely commit your encrypted secrets to git, no more .env files!
Strong Config uses sops to encrypt your secrets with strong cryptography. Every config value whose key has the suffix Secret will be encrypted by the CLI command strong-config encrypt:
```yaml
api:
  # will NOT be encrypted, it's just a normal config value
  url: www.super.com/api
  # WILL be encrypted because it has the 'Secret' suffix
  apiSecret: super-duper-secret-key
  # WILL also be encrypted, you get the idea :)
  anotherSecret: please-dont-tell-anybody
```
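Before committing, it is worth confirming that no key with the Secret suffix still holds plaintext. The check below is an added example, not part of Strong Config: it walks an already-parsed config object, and the function names, the constructed sample ciphertext and the assumption that everything nested under a Secret key must be encrypted are ours.

```javascript
// Added example: find values that the 'Secret' suffix rule says must be
// encrypted but that are still plaintext in a parsed config object.
const SECRET_SUFFIX = 'Secret'; // suffix named on this page

// Shape of a sops-encrypted value: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
const SOPS_VALUE = /^ENC\[AES256_GCM,data:[^\]]*,iv:[^\]]*,tag:[^\]]*,type:\w+\]$/;

function isCiphertext(value) {
  return typeof value === 'string' && SOPS_VALUE.test(value);
}

// Returns dotted paths of plaintext leaves at or below a key ending in 'Secret'.
// Assumption: everything nested under such a key is meant to be encrypted.
function findPlaintextSecrets(node, path = [], underSecret = false) {
  if (node !== null && typeof node === 'object') {
    const findings = [];
    for (const [key, child] of Object.entries(node)) {
      // The top-level 'sops' block is sops' own metadata, not config.
      if (path.length === 0 && key === 'sops') continue;
      const secretKey = !Array.isArray(node) && key.endsWith(SECRET_SUFFIX);
      findings.push(...findPlaintextSecrets(child, [...path, key], underSecret || secretKey));
    }
    return findings;
  }
  // Empty values carry nothing to leak; any other leaf must be ciphertext.
  const empty = node === null || node === undefined || node === '';
  return underSecret && !empty && !isCiphertext(node) ? [path.join('.')] : [];
}

// Constructed sample: the config from this page, partly encrypted.
const CONSTRUCTED_CIPHERTEXT =
  'ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAAAAAAAAAAAAAAAAAAAA==,tag:AAAAAAAAAAAAAAAAAAAAAA==,type:str]';
const sampleConfig = {
  api: {
    url: 'www.super.com/api',
    apiSecret: CONSTRUCTED_CIPHERTEXT,
    anotherSecret: 'please-dont-tell-anybody',
    dbSecret: { user: CONSTRUCTED_CIPHERTEXT, ports: [5432] },
  },
  sops: { version: 'constructed' },
};

const findings = findPlaintextSecrets(sampleConfig);
console.log(findings.length ? `plaintext secrets: ${findings.join(', ')}` : 'ok');
```

Wired into a pre-commit hook or CI step, a non-empty result should fail the run so the plaintext never reaches the repository.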
To encrypt anything, you will need an encryption key. Sops supports PGP, AWS KMS, Google Cloud KMS, and Azure Key Vault as key providers. We will demonstrate each of them below ⬇️
<aside> 🚨 PGP is great if you just want to try out encryption or have a very simple use case. However, we recommend against using PGP for production-level use or when working in a team because it's easier to use one of the cloud KMS systems below. Managing PGP keys among multiple people can get complicated very fast.
</aside>
For this walk-through, we will use the AWS console to create our test key (if you prefer the terminal, you can also use the AWS CLI to create and manage keys).