What’s a Simple Way for a Solo Developer to Manage Production Secrets?

Asked By ChillPanda92 On

I'm currently managing my secrets for Kubernetes using Kustomize and a secretGenerator with a .env file. This setup has been a bit frustrating since I have to keep the .env file with production secrets on my computer. It's also tricky when collaborating with others since they don't need access to those secrets, but I'd like them to be able to deploy without having to copy and paste the secrets from my .env file. Is there a simpler method to handle this? I'm looking for something user-friendly, possibly a web UI where I can securely log in, add or remove secrets, or maybe even a way to keep it in YAML and pull it down as needed. I'm concerned that if I remove `envFrom` from my deployment, I might lose my keys. Ideally, I'm hoping for an approach where `envFrom` references a secure storage that isn't tied to a specific file on my PC.

5 Answers

Answered By TechieTribe On

Just a heads-up with sealed secrets: the decryption key is actually stored as a secret in the cluster. If you really care about security, remember to back up those original secrets somewhere safe.

Answered By SoloDevGuru On

You might want to look into using SOPS for managing your secrets. It's pretty lightweight and works well for encrypting your files while keeping the workflow simple.

Answered By CloudSavvy123 On

Have you thought about using your source control for secrets management? For example, GitLab allows you to keep sensitive information safe, and you can set permissions for who can access it. Alternatively, if you're using a cloud provider like AWS, their Secrets Manager could be useful too! DigitalOcean might not have a specific secrets manager, but it’s worth checking if they provide any alternatives.

Answered By SecureNinja66 On

A password manager might work for you too! Many of them support file uploads and even let you share specific secrets securely with teammates. You could also consider using the sealed secrets operator, though sharing the encryption key would be necessary.

Answered By DevOpsBuff On

Using HashiCorp Vault in combination with ExternalSecrets could be a solid approach. It allows you to keep your secrets secure while still letting your application pull them as needed. Just make sure you understand how to manage access control properly.
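Added example, not part of the answer above or of either project's documentation: a sketch of the Vault plus External Secrets Operator setup in which `envFrom` points at a Secret the operator syncs from Vault rather than one generated from a local .env file. Every name, the namespace, the Vault URL, role and path are placeholders, and the `v1beta1` API version is an assumption that depends on the operator release installed in the cluster.

```yaml
# Placeholder values throughout; adjust to your cluster and Vault layout.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata: {name: vault-backend, namespace: my-app}
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"  # placeholder URL
      path: "secret"            # KV mount point in Vault
      version: "v2"             # KV engine version
      auth:
        kubernetes:             # operator logs in with a service account token
          mountPath: "kubernetes"
          role: "my-app-reader" # Vault role bound to a read-only policy
          serviceAccountRef: {name: eso-vault-auth}
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata: {name: my-app-env, namespace: my-app}
spec:
  refreshInterval: 1h           # re-sync from Vault hourly
  secretStoreRef: {name: vault-backend, kind: SecretStore}
  target:
    name: my-app-env            # Kubernetes Secret the operator creates
    creationPolicy: Owner
  dataFrom:
    - extract:
        key: my-app/production  # every key at this Vault path becomes a Secret key
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: my-app, namespace: my-app}
spec:
  selector:
    matchLabels: {app: my-app}
  template:
    metadata:
      labels: {app: my-app}
    spec:
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.0.0  # placeholder image
          envFrom:
            - secretRef:
                name: my-app-env  # same name as target.name above
```

These manifests contain no secret values, so collaborators can commit and apply them without ever seeing the production secrets; read access is decided by the Vault policy attached to the role.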
