by danenania
1328 days ago
In most cases, attempting to roll your own secrets management (or just ignoring secrets management entirely) will end up spraying access across all kinds of third-party services (usually in plain text), as engineers resort to sharing secrets via email, chat, file sharing, and other tools to get their work done. The cost/benefit/risk calculation of trying to do this all yourself isn't good. Using open source/self-hosted secrets management tools can be a good middle ground that requires less trust while still providing secure sharing options to engineers so they don't resort to egregiously insecure methods. Disclaimer: I'm the founder of just such a tool - https://envkey.com (we're adjacent to Idemeum but are focused specifically on application-level configuration and secrets, not passwords or SSO).