Sctl is a CLI utility written in golang designed to help ensure deployment secrets stay secret, and will out-live their creators in the event of a lottery scenario.
Sctl keeps the practice of versioning secrets along side the code in deployment repositories, but not in plain text. Its an evolution from using a PGP based keystore to retain sensitive information. With the use of IAM policy, and KMS encryption, a reasonable measure of assurance that your secrets are safe with only those you designate as crypto-admins can be achieved.
- sctl only supports Google Cloud Platform KMS / Identity at this time.