Lately, I’ve been thinking of implementing a secrets management system such as Infisical, etc. Does anyone use this or something similar like HashiCorp?

How hard would it be to deploy on a pre-existing setup? How does that work? Do you call the required secret in your Docker Compose? What makes a secret manager more secure than pulling secrets from an .env file?

Which secret manager is the most popular/best among selfhosters?

  • slazer2au@lemmy.world
    14 hours ago

    I have seen people use Ansible Vault to encrypt the .env file and use an Ansible playbook to only decrypt the file when the playbook is running.

    • irmadlad@lemmy.worldOP
      10 hours ago

      Ansible is one of those ‘on the list’ things to check out. It seems to have a broad range of applications.

      • med@sh.itjust.works
        7 hours ago

        Sounds like you have reason to bump it up the list now - two birds with one stone.

        I need to do this too. I know I have stuff deployed that has plaintext secrets in .env or even the compose. I’ll never get time to audit everything. So the more I make the baseline deployment safe, the better.
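
An added example, not part of any comment in this thread: a small audit pass over `.env` and compose content that reports plaintext secret-looking values and treats a file carrying the Ansible Vault header as encrypted at rest. The key-name heuristic, the function names and the sample files are assumptions constructed for illustration.

```python
import re

# Ansible Vault files begin with this header (format 1.1, or 1.2 with a vault ID).
VAULT_HEADER = re.compile(r"\$ANSIBLE_VAULT;1\.[12];AES256")
# Heuristic for credential-like key names (an assumption of this example).
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
# Matches KEY=value (.env), "KEY: value" and "- KEY=value" (compose environment).
ASSIGNMENT = re.compile(r"^\s*(?:-\s*|export\s+)?([A-Za-z_]\w*)\s*[=:]\s*(.*)$")

def audit_text(name, text):
    """Return (file, line_no, key) for each plaintext secret-looking assignment."""
    if VAULT_HEADER.match(text):
        return []  # whole file is vault-encrypted at rest
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGNMENT.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("'\"")
        if not SECRET_KEY.search(key) or not value:
            continue
        # Heuristic: $-prefixed values are variable references; inline !vault
        # values and *_FILE keys do not embed the secret in this file either.
        if value.startswith(("$", "!vault")) or key.upper().endswith("_FILE"):
            continue
        findings.append((name, line_no, key))
    return findings

def audit_all(files):
    """Audit a {filename: content} mapping and return all findings."""
    return [f for name, text in files.items() for f in audit_text(name, text)]

# Constructed sample files (not from the thread).
SAMPLES = {
    ".env": "DB_USER=app\nDB_PASSWORD=constructed-example-pw\n# API_TOKEN=old\n",
    ".env.vault": "$ANSIBLE_VAULT;1.1;AES256\n3136353436333938\n",
    "compose.yml": (
        "services:\n"
        "  app:\n"
        "    environment:\n"
        "      - DB_PASSWORD=${DB_PASSWORD}\n"
        "      - API_TOKEN=constructed-token\n"
        "      - DB_PASSWORD_FILE=/run/secrets/db_password\n"
    ),
}

if __name__ == "__main__":
    for name, line_no, key in audit_all(SAMPLES):
        print(f"{name}:{line_no}: plaintext value for {key}")
```

The report lists only file, line and key name, so the audit output never repeats the secret value itself.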