Using Git Submodules to manage secrets

Had a need to manage secrets and access them in a number of different applications (edge, portal, backend) and contexts (development, deployment).

One solution:

  • put your secrets in a repo named secrets and encrypt with Ansible Vault
  • add the secrets repo as a submodule to all the repos that need access to credentials.

This keeps unencrypted credentials out of your Git repos and allows you to have one place and one mechanism to store and retrieve secrets. Submodules work well as they can easily extend an existing Git repo.

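A guard for the setup described in the post, as an added example that is not part of the original post: it flags any file in the secrets checkout that lacks the `$ANSIBLE_VAULT;` header Ansible Vault writes at the top of encrypted files. The function names, the `secrets` path and the decision to skip `README.md` are assumptions.

```shell
#!/bin/sh
# Added example: fail when a file in the secrets repo was committed without
# being encrypted by Ansible Vault. Encrypted files start with a header line
# such as "$ANSIBLE_VAULT;1.1;AES256".

# find_unencrypted DIR
# Prints every regular file under DIR whose first line is not a vault header.
# Git metadata is skipped: ".git" is a directory in a normal clone and a
# plain file in a submodule checkout. README.md is skipped by assumption.
find_unencrypted() {
    find "$1" -type f ! -path '*/.git/*' ! -name '.git' ! -name 'README.md' |
    sort |
    while IFS= read -r f; do
        first=''
        # read fails on an empty file or a missing final newline; either way
        # $first holds whatever was on the first line (possibly nothing).
        IFS= read -r first < "$f" || true
        case $first in
            '$ANSIBLE_VAULT;'*) ;;            # encrypted, nothing to report
            *) printf '%s\n' "$f" ;;          # plaintext or unknown format
        esac
    done
}

# check_secrets DIR
# Returns 0 when every file is encrypted, 1 (with a report on stderr) otherwise.
check_secrets() {
    bad=$(find_unencrypted "$1")
    if [ -n "$bad" ]; then
        printf 'Not vault-encrypted:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Typical use from a pre-commit hook or CI job in the secrets repo:
#   check_secrets . || exit 1
```

Running the same check against the `secrets` submodule path in each consuming repo's CI catches a plaintext file before it is deployed.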