How to store secrets in datomic cloud

Question

Locally I'm using https://github.com/juxt/aero to read in a local secrets.edn file that is not tracked by version control intentionally so that secrets.edn doesn't reach github since that's a public repo

but the flip side of that means secrets.edn would not be in my git repo for sending up to Datomic cloud, I suppose I can make my GitHub repo private but if possible I'd prefer an alternative

Answer 1

Check out parameter store: https://docs.datomic.com/cloud/ions/ions-reference.html#parameters

Comments

I should have looked harder, thank you

Answer 2

Non-expert guess: could you use a private, access controlled s3 bucket and manage credentials somehow? Allow cloud roles to have access to it, noone else. Put your secrets there. I haven't done this myself. I'm guessing there's an approved solution from Cognitect...

Comments

That's a good point, the more I think about it that might be a slow retrieval, so why not use DynamoDB, then I thought why not use Datomic to store the secrets, feels right since I have the machinery for Datomic access pre-installed, I assume data stored in Datomic is secure in that sense?