Ejson Alternatives

ejson reviews and mentions

• EJSON is a small library to manage encrypted secrets using asymmetric encryption
  1 project | news.ycombinator.com | 13 Oct 2023
• The Twelve-Factor App
  5 projects | news.ycombinator.com | 12 Oct 2023

  > If you want secure config storage on Kubernetes, you end up using Secrets, which ends up being key-value like env vars anyway.

  You can load the secret file directly into the app, no need to load it as env vars or keep it strictly as key-value pairs.

  > If you want similar security with Git you need a layer of encryption, which breaks diffs and requires additional tooling. This all leads back to why high-level deployment tools like Heroku were created.

  You can use tools like ejson[1] or sops[2] to get encrypted files checked into Git that have key level granularity on diffs.

  There is definitely a place for higher level abstractions than Kubernetes. Mostly it gives operators a standard platform to build from when teams outgrow the PaaS sandbox.

  [1] https://github.com/Shopify/ejson

• Very detailed article by Ariel Juodziukynas on Environment Variable handling in Ruby
  2 projects | /r/ruby | 19 May 2023

  I prefer env vars too. After looking for a way to handle encrypted files with dotenv, I ended up adding EJSON support to ops, so I could just put my env vars in secrets.ejson and check it in if I wanted.

• What is the proper way to use a secret manager with Next.js to fetch back secrets?
  1 project | /r/nextjs | 14 Mar 2023

  Where to store secrets (AWS Secret Manager, EJSON, Vercel's control panel, etc.) is more of a consideration of infra, and there aren't standard Next practices of where to store secrets.

• Side project: Privie, an attempt to replace/improve `ejson`
  2 projects | /r/rust | 30 Sep 2021

  After a few weeks using ejson (a utility for managing a collection of secrets in source control), using it still felt kind of awkward, so as side-project, I started working on privie.

• Sharing certs & env variables across the team without Vault, etc?
  1 project | /r/golang | 30 Aug 2021

  Another (less good) option is using something like shopify/ejson and commit that config file to your repo and then hand out the private key to devs and have them stored elsewhere.

• Ask HN: How to handle secrets (one-person SaaS)
  2 projects | news.ycombinator.com | 23 Dec 2020

  Thanks!

  About https://www.envkey.com/ : this requires a third-party server available 24/7, right? I mean, if that service is down... then I cannot deploy my code?

  About https://github.com/Shopify/ejson: what's the advantage over simple PGP? Having yet another dependency is not very appealing. I'll take a look nevertheless.

• A note from our sponsor - InfluxDB
  www.influxdata.com | 9 May 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →