What’s the Best Way to Store Secrets Securely?

Asked By CuriousCoder123 On

I'm currently using **sealed-secrets** for encrypting my secret YAMLs since it meshes well with **ArgoCD** when unsealed in the cluster. Right now, I keep secrets in a private Git repository, seal them using a script, and sync everything into the GitOps repo's folders. I've considered **Vault**, but I'm unsure about its licensing and the complexity of managing it. In cases where security isn't a top concern, are there better alternatives to what I'm doing? Thanks for any insights!
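For the workflow described in the question (plain secrets in a private repo, sealed by a script, then synced into the GitOps repo), a guard worth running before each sync is a check that no unsealed `kind: Secret` manifest has reached the GitOps folders. This is an added example, not part of the original post or of the sealed-secrets project; the function names are hypothetical, and it assumes manifests are `.yaml`/`.yml` files with the top-level `kind:` key unindented.

```bash
#!/bin/sh
# Added example: pre-sync guard for a sealed-secrets GitOps repository.
# Flags every YAML document whose top-level kind is a plain Secret.
# "kind: SealedSecret" is allowed; keys nested under spec.template are
# indented and therefore never match the top-level pattern.

# find_plain_secrets DIR -> prints "file:document-number" per offending document
find_plain_secrets() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
    # New file: reset the document counter; a leading "---" opens document 1.
    FNR == 1 { doc = 1; if ($0 ~ /^---[ \t\r]*$/) next }
    # Any later "---" line starts the next document in a multi-document file.
    /^---[ \t\r]*$/ { doc++; next }
    # Unindented kind, optionally quoted, optionally followed by a comment.
    /^kind:[ \t]*["\047]?Secret["\047]?[ \t\r]*(#.*)?$/ {
      print FILENAME ":" doc
    }
  ' {} +
}

# check_gitops_repo DIR -> returns 0 if clean, 1 if a plain Secret is present
check_gitops_repo() {
  local hits
  hits="$(find_plain_secrets "$1")"
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" | sed 's/^/plain Secret (not sealed): /' >&2
    return 1
  fi
}

# Stand-alone use: ./check.sh path/to/gitops-repo (e.g. from a pre-commit hook)
[ "$#" -eq 0 ] || check_gitops_repo "$1"
```

A non-zero exit from a pre-commit hook or CI step blocks the commit or sync until the offending manifest is sealed or removed.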

5 Answers

Answered By DevSeeker89 On

If you’re using this setup in a homelab, it’s probably sufficient for now. You could explore deploying Vault or Passbolt later if needed. For production use, though, it's a bit concerning; it’s similar to SOPS, which is easy to use but may not scale well. What issues are you anticipating with scaling?

Answered By K8S_Modernist On

A lot of people recommend using External Secrets Operator, though they've mentioned some support issues lately. I think it’s still a solid choice for new projects, but it's worth considering their current support situation. What do you think? Would you still go with them?

Answered By CloudGuru42 On

Have you considered OpenBao as an alternative to Vault? The licensing issue with Vault can be a hassle, but OpenBao is simpler to manage. Given that you're in the cloud, both AWS and Azure offer native services that integrate nicely with External Secrets Operator. If sealed secrets meet your needs now, it’s worth asking why you’d change things up.

Answered By OnePasswordFan On

If you're a 1Password user, their connector for Kubernetes might be a really handy option for secret management. Just something to think about if you're looking for tools that play well with K8s!

Answered By InfisicalUser77 On

I've been using Infisical with their operator to sync secrets directly into native K8s secrets. It's open-source with a nice UI and I think they also have a cloud option if you prefer that route.
