# general

wet-gigabyte-99270

11/10/2023, 9:54 AM
We are looking for a good way to store secrets across multiple clouds and on-prem solutions. Need to primarily provide secrets via CSI drivers to Pods in these clusters. What is a good fit for this?
• Azure Keyvaults called from all different types of infra?
• HashiCorp Vault?
• Pulumi Secrets?
• The new ESC? (trying to understand if this actually stores secrets or just points to other types of Vaults)

busy-toothbrush-90194

11/10/2023, 12:50 PM
HC vault would be most suitable here IMO.

wet-gigabyte-99270

11/10/2023, 12:51 PM
I agree, however, just found out it will start at about 15000 dollars a year for their hosted solution. So for storing a few hundred secrets across multiple clouds it is a bit expensive imho.

busy-toothbrush-90194

11/10/2023, 12:53 PM
Yes, it seems expensive. Managing the vault on your own is also an option.

gentle-application-59272

11/10/2023, 2:56 PM
@wet-gigabyte-99270 most common thing I've seen in my time consulting in IT is to stick them in plaintext in the repos
sorry for the useless comment, I couldn't help myself

wet-gigabyte-99270

11/10/2023, 2:59 PM
Also an option, I wouldn't keep my job for long though 😉

many-house-85254

11/10/2023, 3:09 PM
base64 encode it 😂

gentle-application-59272

11/10/2023, 3:10 PM
my earliest memory 'haxoring' was breaking the admin tool at high school, the admin had made a VBScript app and his encryption was XORing against his birthday

salmon-account-74572

11/10/2023, 5:24 PM
Currently ESC retrieves secrets from other secrets managers (AWS Secrets Manager, Azure KeyVault, etc.) and makes them accessible (both to Pulumi IaC and to other tools).