|
|
|
|
|
|
by ryanianian
3005 days ago
|
|
|
There's still a bootstrap issue with AWS Secrets Manager - you have to set up enough tooling to be able to call the API. The killer-app of odin imho was/is the on-machine http server that let all manner of applications very easily get credentials. You could just do something like MY_API_KEY="$(curl http://localhost:5000?key=my-api)"
and boom your shell script or whatever was very easily using secrets.The fact that Amazon systems bootstrapped EC2 instances meant they could easily enable this org-wide. The odin back-end then owned all the lifecycles around those secrets including what kinds of hosts they would go to, if/how they would rotate, etc etc. It has its annoyances including the fact you have to use http to localhost which can get saturated if you're not doing things right, but overall it really made secrets-management a non-issue. |
|
|
Suppose you have a service that fetches snippets from user pasted links (like Slack does). All I have to do is paste a link of "http://localhost:5000?key=my-api" and your server would return a snippet containing the secret.
Thats why Google Cloud and others require a special header to be set. Hopefully Odin does the same? https://cloud.google.com/compute/docs/storing-retrieving-met...