At Zemanta, we developed py-secretcrypt[0] and go-secretcrypt[1] for keeping secrets encrypted with Amazon KMS (Key Management Service) in our repos. They are then decrypted on the fly by the application.
Access control is managed through AWS KMS key policies, with EC2 instances running the applications having permissions to decrypt the secrets.
Blog post about this will follow soon.
[0] https://github.com/Zemanta/py-secretcrypt
[1] https://github.com/Zemanta/go-secretcrypt
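
A KMS key policy of the kind the comment describes might look like the following. This is an added illustration, not taken from the comment or from either project. The account ID, role names and Sid labels are placeholders, and the separate encrypt-only statement for developers is an assumption about how secrets get committed.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PlaceholderKeyAdministrationWithoutDecrypt",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:role/placeholder-kms-admin"},
      "Action": [
        "kms:Describe*",
        "kms:Get*",
        "kms:List*",
        "kms:Put*",
        "kms:Update*",
        "kms:Enable*",
        "kms:Disable*",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PlaceholderDevelopersEncryptOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:role/placeholder-developer"},
      "Action": ["kms:Encrypt", "kms:DescribeKey"],
      "Resource": "*"
    },
    {
      "Sid": "PlaceholderAppInstanceRoleDecryptOnly",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:role/placeholder-app-ec2-instance-role"},
      "Action": "kms:Decrypt",
      "Resource": "*"
    }
  ]
}
```

In a key policy, `"Resource": "*"` refers only to the key the policy is attached to. Only the role attached to the application's EC2 instance profile holds `kms:Decrypt`, so a copy of the repo alone does not reveal the secrets.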