|
|
|
|
|
|
by gtsteve
2984 days ago
|
|
|
My company uses AWS and started before Parameter Store and Secrets Manager and we try to not run our own infrastructure where possible because we are very small and don't have a big ops team. We simply store our secrets in a KMS-encrypted file in S3. When containers start up, they have a bootstrap script that deserializes it and fills it with the appropriate variables. At some point though I think we will look at Parameter Store and Secrets Manager. If I were starting this company again, that's where I'd look first. Many will suggest Vault, which I hear is a fine product. However, it's one more thing that can fail, and this is a pretty big thing because if you can't access passwords and security tokens, most systems will totally stop working. If you are using a public cloud environment, I would look at tools native to that environment that are managed for you. |
|
|