Local development credential manager and best practices
I've long since been storing credentials to databases and services in local configuration files during development. Sometimes these need to be to production systems, which makes this a security issue.
I'm wondering what the best practice here would be. I don't want to manually enter credentials on each startup of my apps during development and using something using environment variables seems also inconvenient (I'm often using Visual Studio).
I'm very pleased with password managers like LastPass as an end-user, which queries me for a master passphrase and stored credentials on disk only in an encrypted fashion. So I'm wondering if something like this exists for the niche of developers needing an API to request credentials from: My apps could connect to a service that encrypts the credentials only once per machine boot.
What options are there? What do others do?
