Abstracting secret management from values repo PoC #263
Comments
|
Awesome. The tradeoff between kubernetes-external-secret and bank-vault seems tricky, they both seem to be maintained equally well. I guess bank-vault offers more features and has 50 more collaborators, but then again, the other project is created for solving this problem specifically, correct? |
|
Indeed, choosing the one is tricky. Intuitively, I like more bank-vaults, because of it's simplicity in terms of referencing to a secret value. But let's make our hands dirty first and then we can decide which one does better work for us. The kubernetes-external-secrets can integrate more seamlessly but if has some disadvantages that I would like to avoid. |
|
I prefer bank-vaults as it fits more tightly. The other one is offering an interface that is too wide. So if the POC with bank-vaults feels nice we can just continue with that imo. |
|
Yes, I am going to start with bank-vaults |
j-zimnowoda
changed the title
j-zimnowoda
changed the title
|
Discussion is finished. Requirements are complete and user stories defined. |
**Is your feature request related to a problem? **
The current secret management implementation:
We need robust, multi-tenant secret management solution that integrates seamlessly with Kubernetes but also is suitable for GitOps approach. The solution should also provide secret rotations out of the box.
For more information see discussion: #279
Describe the solution you'd like
I would like to have vault a a secret manager.
First of of Valut seems to be a great candidate as it provides:
Unfortunately, it does not support secrets injection as ENV vars (link)
There are two solutions that could meet our requirements:
Related tasks:
The text was updated successfully, but these errors were encountered: