Hey everyone! I'm on the lookout for a tool that can help manage key-value pairs and secrets more effectively across different environments. I'm talking about a tool that can read from multiple sources like local environments, Kubernetes configmaps, secrets, and other files or vaults. Ideally, this tool would initialize the environment for systems, pods, or containers, taking care of setting environment variables and placing configuration files correctly.
In my experience, every CI/CD setup I've encountered is a chaotic mix of hardcoded variables, environment settings scattered across GitLab projects, values.yaml files, and other configurations. It creates maintenance headaches, especially with over 800 key-value pairs to manage!
I'm thinking of a solution that abstracts the source of these values away from the user, allowing easy transitions between different sources, like switching from a Kubernetes configmap to a .env file without having to rewrite everything. The perfect tool would also have minimal dependencies and wouldn't require any service component to run.
If you have faced similar issues or know of any tools that can achieve this, I'd love to hear your thoughts!
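The source abstraction described in the question, as an added example that is not part of the original post and is not code from any tool named in this thread: consumers ask for keys, and an ordered list of sources (a .env file, a Kubernetes configmap or secret volume mount, the process environment) supplies them. All function names, source labels and sample values are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def dotenv_source(path):
    """Parse KEY=VALUE lines from a .env file; skip blanks and # comments."""
    values = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def mounted_dir_source(path):
    """Read a Kubernetes configmap/secret volume mount: one file per key."""
    # Skip dotfiles such as the ..data symlink Kubernetes places in the mount.
    return {p.name: p.read_text().rstrip("\n")
            for p in Path(path).iterdir()
            if p.is_file() and not p.name.startswith(".")}

def resolve(required, sources):
    """sources: ordered (label, dict) pairs, first match wins.
    Returns (values, provenance); fails closed if any key is missing."""
    values, provenance = {}, {}
    for key in required:
        for label, data in sources:
            if key in data:
                values[key], provenance[key] = data[key], label
                break
    missing = sorted(set(required) - set(values))
    if missing:
        raise KeyError(f"unresolved keys: {missing}")
    return values, provenance  # log provenance only, never the values

def demo():
    # Constructed sample data: a fake secret mount plus a fake .env file.
    with tempfile.TemporaryDirectory() as tmp:
        mount = Path(tmp, "secret-mount")
        mount.mkdir()
        (mount / "DB_PASSWORD").write_text("constructed-example\n")
        env_file = Path(tmp, ".env")
        env_file.write_text("# constructed\nDB_HOST=db.internal.example\nDB_PASSWORD='from-dotenv'\n")
        sources = [("k8s-mount", mounted_dir_source(mount)),
                   ("dotenv", dotenv_source(env_file)),
                   ("process-env", dict(os.environ))]
        return resolve(["DB_HOST", "DB_PASSWORD"], sources)
```

Switching a value from the mount to the .env file means reordering or swapping entries in `sources`; the code that consumes the keys does not change, and the provenance map shows which source actually won for each key.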
5 Answers
Consider checking out Kubernetes with the External Secrets operator. There are also Terraform modules that can pull in secrets and create files that you can source for environment variables. Both approaches might solve your issue!
Honestly, the key is to pick one tool and stick with it for these tasks. I personally use Chamber, which works great with AWS SSM Parameter Store for safe secret management. It serves as a good key-value store that’s perfect for handling both secrets and regular values.
HashiCorp provides some solid tools like Vault and Consul for managing secrets, but you might want to clarify how they fit into your needs. They might not do everything you’re looking for.
Yeah, but I think they might not fully align with what I described. I need something more specific to handle multiple input types.
You might be tackling a more organizational problem here rather than just a tech one. Often, projects lack a clear consensus on managing these details, especially if multiple teams are involved. Having one person or team in charge could really streamline the process. You may still want to look for a tool, but consider this aspect too.
You’re right! It seems like this wasn’t prioritized early on. Focusing on making things work at the start can lead to these maintenance issues later. Better project management might help a lot!
I had a similar challenge, and I found that using 1Password was a game changer for managing secrets. It works well with Pulumi to automate the whole process, and there are great examples online that walk through the setup. I use the 1Password CLI in my GitHub Actions and their Kubernetes operator to help initialize pods. It keeps my local development secrets tidy too, mitigating drift.
This sounds interesting, I'll check it out, thanks!
That makes total sense! I’ll look into Chamber for sure. I just wish I could have been involved earlier in these projects for a smoother setup!