
Unified secrets management

Open ohaiwalt opened this issue 8 years ago • 1 comments

As recently experienced, having a bus factor of 1 for critical items like secrets can become a huge blocker for even the most basic of tasks. Given the occasionally transient nature of contributors, we want to make things simple to use and secure.

We need a secrets management solution that:

  1. Allows OpCode users and contributors to easily retrieve secrets they are authorized to access.
  2. Facilitates automation so that deployments and other system operations can be abstracted so an individual's access isn't required to keep things moving forward.
  3. Allows revocation of access to secrets.

ohaiwalt, Oct 30 '17 02:10

Here is some research for possible solutions:

  • https://gist.github.com/maxvt/bb49a6c7243163b8120625fc8ae3f3cd
  • https://www.cyberark.com/blog/introducing-cyberark-conjur-open-source-secrets-management-solution/
  • https://blog.docker.com/2017/02/docker-secrets-management/

My recommendations:

  • https://kubeapps.com/charts/incubator/consul
  • https://kubeapps.com/charts/incubator/vault

sethbergman, Oct 30 '17 03:10