Secrets management in a cloud/Kubernetes and CI/CD context is crucial and should cover various aspects, such as:
- how to maintain secrets in a secure way and avoid persisting them in insecure repositories like git
- administering access using RBAC and enabling segregation of duties
- life cycle management of secrets
- injecting secrets automatically into the application runtime

Existing solutions provide features for some of the mentioned aspects. One of the most widespread solutions is HashiCorp Vault, which manages and protects secrets. Additional extensions and open source solutions interact with HashiCorp Vault to inject secrets into an application context running in a Kubernetes/OpenShift runtime. This article explains some of the options and ends with a comparison.