we provide instructions and a script for the user to automatically create aws infrastructure. this includes the use of credstash
, and storage of the same secret within it
to do this, the user must export
a variable containing this secret to environment before executing setup.sh
.
while we try to ensure that their shell history is turned off, that was only validated with bash
, a single flavor of shell.
this is an option for securing handling the gandi api key before supporting infrastructure for such has been instantiated.
expand the gandi api key creation instructions to include a section on using keepassxc
, and on enabling its secret service integration. the setup script could then use a cli interface to the service api to retrieve said credential.
caveats:
credstash
for local users, or app testing purposesitd be simpler to merely warn the user about the risks of exposing their credential to their shell history, and link some page on how to temporarily disable this functionality for a variety of shells.