Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
frollogaston a day ago

For a long time and probably still today, Google AppEngine kinda encouraged storing secrets in the YAML, which is easy to accidentally git-commit. There's no easy way to pass secrets to your services otherwise, unlike Heroku etc where it's always been a single command to put them into envvars on the jobs.

Last time I tried, the default suggestion was Cloud KMS (yeah), now there's some new secret manager that also looks annoying: https://stackoverflow.com/questions/58371905/how-to-handle-s...

null_deref a day ago | parent [-]

And can we talk about the predatory pricing model? In AWS one secret service prices a secret for 0.4 dollars a month. I was appalled when I first saw it, are you going to charge me 5$ a year for storing my 12 bytes?

bdcravens a day ago | parent [-]

If all you're doing is storing, and not using advanced features like auto rotation, Parameter Store is free for most use cases.

null_deref a day ago | parent [-]

Ok I may have misread the pricing model, I’ll look into it, thanks!

bdcravens 20 hours ago | parent [-]

To be clear, Parameter Store is a separate product from Secrets Manager, but is essentially the same thing without features like the UI, key rotation, etc. Functionally though, they're the same (for example, passing secrets into an ECS container is just a matter of passing the ARN)