Lately, I’ve been thinking of implementing a secrets management system such as Infiscal, etc. Does anyone use this or something similar like Hashicorp?
How hard would it be to deploy on a pre-existing set up? How does that work? Do you call the required secret in your Docker compose? What makes a secret manager more secure than pulling secrets from an .env file?
Which secret manager is the most popular/better among selfhosters?
That’s a K8s application I’ve never explored, and the ‘commit the encrypted secrets to git and deploy with ArgoCD’ is well above my pay grade at the moment. Not saying it’s not unattainable, however, I’m still trying to thoroughly understand Docker, which should take me quite a while. LOL
Oh, I didn’t realize this was for plain containers, sorry.
For that I use Ansible to deploy the containers in my server. The secrets are stored encrypted in my local machine with passwordstore and I use the passwordstore lookup plugin to load them in the playbooks/templates.