Hacker News
by danenania 3020 days ago
I've been meaning to write up a comparison with Vault for the website. Simplicity is definitely the main differentiator. EnvKey is designed to "just work" from a developer's perspective, and to actually save time/boost productivity instead of being an obstacle. There's no server setup or administration, and integration is just 1-2 lines of code and a single environment variable, vs. being a good amount of work with Vault.

In general, EnvKey is usually a 5-15 minute setup and integration process that requires no ongoing maintenance, whereas depending on a company's level of devops sophistication/resources, Vault is an n days - n weeks project to get it working just right, and will usually require additional maintenance/integration work on an ongoing basis.

Another area that I think can get overlooked with Vault is development secrets. In my view, it is important to protect these just as well as production secrets, since prod-level secrets can easily slip through the cracks and end up in development environments for various reasons. Vault can be set up to manage these, but it's not really the focus, and so you are left to your own devices in terms of integrating it into a dev-friendly workflow. EnvKey, on the other hand, makes distributing development config and secrets totally seamless.

1 comments

I think it's a little weird and biased to imply that Hashicorp's vault needs special setup to manage development secrets.

Vault stores secrets. That's all it does. (Well, it can also generate TLS certificates, handle AWS integration and more.) Once you have a vault instance, adding a new secret takes seconds, and having an instance for development and a second for production is trivial.

You can also prefer a single instance with more restrictions, logging, and similar.

* secret/$application/development/db_user
* secret/$application/development/db_pass
* secret/$application/development/db_host

vs

* secret/$application/production/db_user
* secret/$application/production/db_pass
* secret/$application/production/db_host

But the vault itself doesn't care about dev vs. prod. That's more an infrastructure question about which hosts can talk to it, etc.

Fair enough. My point is just that getting it working smoothly with a development workflow is another task that likely won't be trivial.