Testing and credentials best practices?

Question

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?.

I know of the following methods:
1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?

Comments

I've done several of these. Another option that may work in some contexts is to mock the test altogether; have a server that simulates whatever you needed credentials for, and accepts a key of all zeroes or equivalent. Obviously that key can happily go into the source code :)

Answer 1

We've been looking at using etcd to store credentials (essentially the same solution as zookeeper). It seems like the right way to go.

So far, my impression of etcd is "neat, promising, not ready for prime time yet" (to be fair, the etcd folks don't claim it's stable yet). ZooKeeper at least has the advantage of being in production use for a long time, so it should be pretty bullet-proof.