# general
w
We are looking for a good way to store secrets across multiple clouds and on-prem solutions. Need to primarily provide secrets via CSI drivers to Pods in these clusters. What is a good fit for this?
• Azure Keyvaults called from all different types of infra?
• Hashicorp Vault?
• Pulumi Secrets?
• The new ESC? (trying to understand if this actually stores secrets or just points to other types of Vaults)
b
HC vault would be most suitable here IMO.
w
I agree, however, just found out it will start at about 15000 dollars a year for their hosted solution. So for storing a few hundred secrets across multiple clouds it is a bit expensive imho.
b
Yes, it seems expensive. Managing the vault on your own is also an option.
g
@wet-gigabyte-99270 most common thing i've seen in my time consulting in IT is to stick them in plaintext in the repos
sorry for the useless comment i couldn't help myself
w
Also an option, I wouldn't keep my job for long though 😉
m
base64 encode it 😂
g
my earliest memory 'haxoring' was breaking the admin tool at highschool, the admin had made a vbscript app and his encryption was xor'ing against his birthday
s
Currently ESC retrieves secrets from other secrets managers (AWS Secrets Manager, Azure KeyVault, etc.) and makes them accessible (both to Pulumi IaC and to other tools).