Ask HN: Tools for Managing Secret in Production Scale?

12 points by albertlie about 7 years ago
Hi all,

I'm looking for centralized tools for managing secrets for my engineering team right now. Are there any recommended tools from your experience using them in production?

For example, like Vault (a HashiCorp product).

Thanks

5 comments

gtsteve about 7 years ago
My company uses AWS and started before Parameter Store and Secrets Manager and we try to not run our own infrastructure where possible because we are very small and don't have a big ops team.

We simply store our secrets in a KMS-encrypted file in S3. When containers start up, they have a bootstrap script that deserializes it and fills it with the appropriate variables.

At some point though I think we will look at Parameter Store and Secrets Manager. If I were starting this company again, that's where I'd look first.

Many will suggest Vault, which I hear is a fine product. However, it's one more thing that can fail, and this is a pretty big thing because if you can't access passwords and security tokens, most systems will totally stop working. If you are using a public cloud environment, I would look at tools native to that environment that are managed for you.
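A sketch of the container bootstrap pattern described in the comment above, added here as an example; it is not code from the thread or from any commenter. The names `SECRETS_S3_URI`, `fetch_secrets`, `load_secrets` and `bootstrap_main` are hypothetical, and it assumes the file was encrypted client-side with KMS and decrypts to plain `KEY=VALUE` lines.

```shell
# Added example. Assumptions: SECRETS_S3_URI names the object, the file was
# encrypted client-side with KMS, and the plaintext is KEY=VALUE lines.
# Plaintext goes to stdout only; the temp file holds ciphertext.
fetch_secrets() {
  blob=$(mktemp) || return 1
  if aws s3 cp "$SECRETS_S3_URI" "$blob" --only-show-errors &&
     b64=$(aws kms decrypt --ciphertext-blob "fileb://$blob" \
             --query Plaintext --output text); then
    rm -f "$blob"; printf '%s' "$b64" | base64 -d
  else
    rm -f "$blob"; return 1
  fi
}

# Export KEY=VALUE lines from stdin. Nothing is passed to eval or source, so
# shell syntax inside a value is never executed.
load_secrets() {
  count=0 lineno=0
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    case "$line" in
      ''|'#'*) continue ;;
      *=*) ;;
      *) echo "bootstrap: line $lineno has no '='" >&2; return 1 ;;
    esac
    key=${line%%=*} value=${line#*=}
    # Reject invalid names and variables that change how programs are loaded.
    case "$key" in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*|PATH|IFS|ENV|BASH_ENV|LD_*)
        echo "bootstrap: line $lineno: disallowed name" >&2; return 1 ;;
    esac
    export "$key=$value"
    count=$((count + 1))
  done
  unset line key value
  [ "$count" -gt 0 ]   # an empty payload is a failure, not "no secrets"
}

bootstrap_main() {
  payload=$(fetch_secrets) || { echo "bootstrap: fetch/decrypt failed" >&2; return 1; }
  # The expanded payload in this heredoc is not re-scanned by the shell.
  load_secrets <<EOF || return 1
$payload
EOF
  exec "$@"
}

# Entrypoint: SECRETS_S3_URI=s3://... bootstrap.sh <command> [args...]
if [ -n "${SECRETS_S3_URI:-}" ] && [ "$#" -gt 0 ]; then bootstrap_main "$@"; fi
```

Error messages report only the line number, so secret values never reach container logs. Direct KMS encryption is limited to 4 KB of plaintext, so a larger secrets file needs envelope encryption instead.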
sharmi about 7 years ago
Not affiliated to the below company. I came across it a few days back. Have not used it either. Just passing it on hoping it will help.

https://www.envkey.com/ helps manage your team's secrets and configuration.
programd about 7 years ago
I think you just answered your own question. As a bonus Red Hat just released a Vault operator so that you can run it on Kubernetes with minimal hassle.

https://github.com/coreos/vault-operator
imauld about 7 years ago
https://github.com/fugue/credstash

https://aws.amazon.com/secrets-manager/
digianarchist about 7 years ago
CyberArk