New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Idea of Hashicorp Vault backend #483
Comments
I found another good thread of yours: https://www.reddit.com/r/programming/comments/10hzh2i/guys_its_happending_my_recent_open_source_project/ If I'm not wrong, you're aiming for the same point as me. |
Hi @beejei! Thanks for this idea. I've actually been thinking about this exact use-case this past 2-3 weeks now — My thought was to have Infisical be a secrets orchestration layer that can connect to any storage backend like Vault, AWS/GCP/Azure SM, databases, and even S3 or a private repo; in this model, we would still provide MongoDB as the default storage option as it is currently. The reason is multi-fold:
The orchestration layer would come with all the built integrations (and more), adding rotation, dynamism, and syncing functionality to the underlying chosen KV store and with of course the beautiful interface we already support out of the box. It'd be amazing to jam on this idea further with you (I've just started a convo about it in our Slack comunity); do feel free to join here! |
I'm super happy to get your response so soon. Thanks! |
Feature description
A clear and concise description of what the feature should be.
Hi Infisical team,
I'm seriously rechecking the credential management process in our company, and I'm again deeply depressed as there is no easy-to-use solution.
In the market, there are lots of places to store the credentials, but from the guideline, no one wants to store them in the code repository.
I agree with the general concept, but honestly, there is actually no good alternative way accepting all the use cases.
For the user experience, https://doppler.com or https://dotenv.org might be the best solution for developers.
But WHO WANTS TO STORE THEIR CREDENTIALS OUTSIDE OF the COMPANY?
I think this really makes a big difference in your product. Because Infisical allows self-hosting method.
But on the other hand, while your team is focusing on the integration side, users are concerned about how to ensure the data handling in Infisical follows the best practice.
Please refer to: https://www.reddit.com/r/selfhosted/comments/10r8as3/comment/j6uuofd/?utm_source=reddit&utm_medium=web2x&context=3
Therefore my idea is, why not provide an option to have Hashicorp Vault as a backend?
Why would it be useful?
Why would this feature be useful for Infisical users?
Because Hashicorp Vault is well-known backend with best practices but has poor UI, Docs, and integrations compared to its backend.
I think this will make a really good pivoting point. Because a lot of companies already using Hashicorp Vault for their business, but with poorly made in-house scripting.
Additional context
Add any other context about the problem here.
I've searched for 6 hours to search for a better way. And arrived here with the discussion:
https://www.reddit.com/r/devops/comments/tzufc9/how_do_you_share_and_sync_env_files_for_your_team/
It would be really great if you consider this idea seriously.
Then I could push our company to use Infisical with our Hashicorp Vault corporate instance.
Thanks for reading.
Best regards,
beejei
The text was updated successfully, but these errors were encountered: