by LinuxBender 1734 days ago
A file that would contain a secret should have the secret attributes parameterized and the attribute modified on deployment using HashiCorp Vault; otherwise the entire file would have to be stored in Vault, meaning the entire file is a secret. This is a common pattern with Ansible, Chef, Puppet and other configuration management tools that integrate with Vault. Docker also has integrations with Vault and can replace attribute placeholders with their secret contents on deployment of containers. All of the aforementioned platforms have how-tos explaining how to correctly integrate with Vault.
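The deploy-time substitution pattern described in the comment above, as an added example that is not part of the original comment and is not code from Vault or any of the tools named. The `${secret:<path>#<key>}` placeholder syntax, the `fetch` callable standing in for a Vault read, and all sample values are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hypothetical placeholder syntax for this example: ${secret:<path>#<key>}
PLACEHOLDER = re.compile(r"\$\{secret:([A-Za-z0-9_/-]+)#([A-Za-z0-9_-]+)\}")

# Constructed template; only the secret attributes are parameterized.
TEMPLATE = """\
[database]
host = db.internal.example
user = ${secret:app/db#username}
password = ${secret:app/db#password}
"""


class MissingSecret(Exception):
    pass


def render(template, fetch):
    """Replace every placeholder using fetch(path) -> dict.

    Fails closed: an unresolved reference raises, and the error names the
    reference only, never a secret value.
    """
    def substitute(match):
        path, key = match.group(1), match.group(2)
        data = fetch(path)
        if not data or key not in data:
            raise MissingSecret(f"{path}#{key}")
        return str(data[key])
    return PLACEHOLDER.sub(substitute, template)


def deploy(template, dest, fetch):
    """Render, then write atomically with owner-only permissions."""
    rendered = render(template, fetch)  # raises before anything is written
    directory = os.path.dirname(os.path.abspath(dest))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates mode 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(rendered)
        os.replace(tmp, dest)  # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise
    return dest


if __name__ == "__main__":
    store = {"app/db": {"username": "svc_app", "password": "example-only"}}  # constructed
    deploy(TEMPLATE, "app.ini", store.get)
```

The template can be committed to version control as-is; only the rendered file on the target host contains secret material.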