I have an app that is storing AWS secret keys in a private repo on Github.
It was recommended because if one of our computers "blows up", we will not have access to the keys.
Instead of storing in Github, we could just pass our computers around to share the secret key, or send them through private company slack.
These all seem like bad ways to manage keys.
Is there a good repository/vault or method that is better for secret key storage and sharing with team members?
Avoid storing credentials with code, they get quite vulnerable and consequences may be irreversible. It would be much better to use IAM Roles to grant access and use keys only for development, preferably a different one per developer so they can be rotated as needed.
Check the AWS Security Best Practices whitepaper for further details.