We are looking for a good way to store secrets across multiple clouds and on-prem solutions. Need to primarily provide secrets via CSI drivers to Pods in these clusters. What is a good fit for this? • Azure Keyvaults called from all different types of infra? • Hashicorp Vault? • Pulumi Secrets? • The new ESC? (trying to understand if this actually stores secrets or just point to other types of Vaults)

HC vault would be most suitable here IMO.

I agree, however, just found out it will start at about 15000 dollars a year for their hosted solution. So for storing a few hundred secrets across multiple clouds it is a bit expensive imho.

Yes, it seems expensive. Managing the vault on your own is also an option.

@wet-gigabyte-99270 most common thing i've seen in my time consulting in IT is to stick them in plaintext in the repos

Also an option, I wouldn't keep my job for long though 😉

base64 encode it 😂

my earliest memory 'haxoring' was breaking the admin tool at highschool, the admin had made a vbscript app and his encryption was xor'ing against his birthday

Currently ESC retrieves secrets from other secrets managers (AWS Secrets Manager, Azure KeyVault, etc.) and makes them accessible (both to Pulumi IaC and to other tools).