I’ve been doing DevOps for about 9 years, and I keep seeing the same mess repeat itself:

- Terraform or Pulumi outputs → Vault/KMS → CI replaces values in YAML → K8s secrets operator injects env vars → app starts → DATABASE_PASSWORD typo, chaos ensues.
- Copy-pasted creds from Slack or Teams.
- Secrets/configs left in plaintext files or repos.
- Password managers with outdated entries that no one really trusts.

As a developer, what frustrates me most is the lack of predictability. Between Terraform, Vaults, pipelines, and operators, it’s often unclear who “owns” the truth — and every layer can quietly introduce drift.

So I’m curious:

- How are you handling that handoff today?
- Are you still pushing everything through Vault + env vars, or have you built something cleaner?
- What has actually worked for you in production — and what’s bitten you later?

Would love to hear some real war stories or simple patterns that actually hold up over time.