by kkamperschroer
3803 days ago
Thanks for the tip. I guess the easiest thing to do is use git-crypt with some encrypted file and have the secrets available at deploy time, but I'm worried about long-term disadvantages to this approach. Rolling secrets would then require a deployment of at least that secrets file and restarting the services, or writing them in a way they read the file every time they need the secret. Since our stack isn't on AWS, it kind of throws out AWS KMS and Lyft Confidant (since it is built on AWS). I'll keep digging into Vault and the other options put forward in this thread. Thanks again.