Y
Hacker News
new
|
ask
|
show
|
jobs
by
peterldowns
564 days ago
This is entirely correct. SOPS+kms, or similarly Berglas + GCP Secret Manager, is the right way.
Secrets belong in secrets stores, accessible via auditable IAM role grants.