Add documentation on using credstash as a secret store (#2988)

source/_docs/configuration/secrets.markdown

@@ -89,3 +89,26 @@ Please enter password for encrypted keyring:
 <p class='note warning'>
   If you are using the Python Keyring, [autostarting](/getting-started/autostart/) of Home Assistant will no longer work.
 </p>
+
+### {% linkable_title Storing passwords in a keyring managed by your OS %}
+
+Using [Credstash](https://github.com/fugue/credstash) is an alternative way to `secrets.yaml`. They can be managed from the command line via the credstash script.
+
+Before using credstash, you need to set up AWS credentials either via the `aws` command line tool, or using environment variables as explained in the [AWS CLI docs](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) as well as creating a KMS key named 'credstash' as explained in the [credstash readme](https://github.com/fugue/credstash#setting-up-kms). After that is complete, you can use the provided script to add secrets to your Home Assistant secret store in credstash
+
+```bash
+$ hass --script credstash --help
+```
+
+To store a password in credstash, replace your password or API key with `!secret` and an identifier in `configuration.yaml` file.
+
+```yaml
+http:
+  api_password: !secret http_password
+```
+
+Create an entry in your credstash store.
+
+```bash
+$ hass --script credstash set http_password
+```