Hey everyone! I'm on the lookout for a tool that can help manage key-value pairs and secrets more effectively across different environments. I'm talking about a tool that can read from multiple sources like local environments, Kubernetes configmaps, secrets, and other files or vaults. Ideally, this tool would initialize the environment for systems, pods, or containers, taking care of setting environment variables and placing configuration files correctly.
In my experience, every CI/CD setup I've encountered is a chaotic mix of hardcoded variables, environment settings scattered across GitLab projects, values.yaml files, and other configurations. It creates maintenance headaches, especially with over 800 key-value pairs to manage!
I'm thinking of a solution that abstracts the source of these values away from the user, allowing easy transitions between different sources, like switching from a Kubernetes configmap to a .env file without having to rewrite everything. The perfect tool would also have minimal dependencies and wouldn't require any service component to run.
If you have faced similar issues or know of any tools that can achieve this, I'd love to hear your thoughts!
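The source abstraction described in the question, sketched as an added example (not part of the original post and not taken from any tool named in the thread): a manifest maps each key to a named source, so moving a key from a mounted Kubernetes configmap to a .env file changes one manifest entry and no consumer code. The function names, manifest shape and sample values are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skips blanks/comments, strips 'export ' and quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.removeprefix("export ").partition("=")
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]
        values[key.strip()] = val
    return values


def mounted_dir(path):
    """Kubernetes mounts each ConfigMap/Secret key as one file in a directory."""
    return {p.name: p.read_text().rstrip("\n") for p in Path(path).iterdir() if p.is_file()}


def resolve(manifest, sources):
    """manifest: key -> source name. Fails closed, naming keys but never values."""
    resolved, missing = {}, []
    for key, src in manifest.items():
        if key in sources.get(src, {}):
            resolved[key] = sources[src][key]
        else:
            missing.append(f"{key} (from {src})")
    if missing:
        raise KeyError("unresolved: " + ", ".join(missing))
    return resolved


def demo():
    """Constructed sample data: same keys, one moved from configmap to .env."""
    with tempfile.TemporaryDirectory() as tmp:
        cm = Path(tmp, "configmap")
        cm.mkdir()
        (cm / "DB_HOST").write_text("db.internal\n")
        env_file = Path(tmp, ".env")
        env_file.write_text('# local overrides\nexport DB_HOST="localhost"\nAPI_TOKEN=dummy-token\n')
        sources = {"configmap": mounted_dir(cm), "dotenv": parse_dotenv(env_file.read_text())}
        before = resolve({"DB_HOST": "configmap", "API_TOKEN": "dotenv"}, sources)
        after = resolve({"DB_HOST": "dotenv", "API_TOKEN": "dotenv"}, sources)
        return before, after
```

The error raised for unresolved keys lists key and source names only, so a failed start-up can be logged without exposing secret values.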
3 Answers
HashiCorp provides some solid tools like Vault and Consul for managing secrets, but you might want to clarify how they fit into your needs. They might not do everything you’re looking for.
You might be tackling a more organizational problem here rather than just a tech one. Often, projects lack a clear consensus on managing these details, especially if multiple teams are involved. Having one person or team in charge could really streamline the process. You may still want to look for a tool, but consider this aspect too.
You’re right! It seems like this wasn’t prioritized early on. Focusing on making things work at the start can lead to these maintenance issues later. Better project management might help a lot!
I had a similar challenge, and I found that using 1Password was a game changer for managing secrets. It works well with Pulumi to automate the whole process, and there are great examples online that walk through the setup. I use the 1Password CLI in my GitHub Actions and their Kubernetes operator to help initialize pods. It keeps my local development secrets tidy too, mitigating drift.
This sounds interesting, I'll check it out, thanks!
Yeah, but I think they might not fully align with what I described. I need something more specific to handle multiple input types.