[SECURITY] Implement Secrets Management #166

@JoshuaAFerguson

Objective

Move secrets from environment variables to secure secret management.

Options

  • HashiCorp Vault
  • AWS Secrets Manager
  • Azure Key Vault
  • Sealed Secrets (K8s)

Secrets to Manage

  • Database password
  • Redis password
  • JWT signing key
  • SAML certificates
  • API keys
  • Webhook secrets

Implementation

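import "fmt"
import vault "github.com/hashicorp/vault/api" // package name is api, so alias it to vault
func GetSecret(path string) (string, error) {
    client, err := vault.NewClient(vault.DefaultConfig())
    if err != nil {
        return "", err
    }
    if secret, err := client.Logical().Read(path); err != nil || secret == nil {
        return "", fmt.Errorf("vault read %q: no secret returned (err: %v)", path, err) // a missing path yields a nil secret
    } else if value, ok := secret.Data["value"].(string); ok {
        return value, nil
    }
    return "", fmt.Errorf("vault secret %q has no string field \"value\"", path)
}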

Acceptance Criteria

  • No secrets in env vars
  • Secrets rotated regularly
  • Audit trail for secret access
  • Documentation updated

Files

  • api/internal/secrets/vault.go (NEW)
  • manifests/secrets.yaml (update)
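
The rotation and audit-trail criteria above depend on how callers consume `GetSecret`: a value read once at startup never sees a rotation, and nothing records who asked for which path. The following is an added example, not code from this repository; `Cache`, `NewCache`, the caller label, the audit line format and the fail-closed behaviour are assumptions, and the fetcher in `main` is a constructed stand-in for Vault.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Cache (hypothetical) wraps a fetcher shaped like the issue's GetSecret(path).
type Cache struct {
	mu      sync.Mutex
	fetch   func(path string) (string, error)
	ttl     time.Duration    // re-fetch after this, so a rotated value is picked up
	now     func() time.Time // injectable clock, so expiry can be tested
	value   map[string]string
	expires map[string]time.Time
	Audit   []string // one record per access: caller and path, never the value
}

func NewCache(fetch func(string) (string, error), ttl time.Duration, now func() time.Time) *Cache {
	return &Cache{fetch: fetch, ttl: ttl, now: now, value: map[string]string{}, expires: map[string]time.Time{}}
}

// Get returns the secret at path for caller and appends one audit record.
func (c *Cache) Get(caller, path string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	t := c.now()
	record := func(result string) {
		c.Audit = append(c.Audit, fmt.Sprintf("%s caller=%q path=%q result=%s", t.UTC().Format(time.RFC3339), caller, path, result))
	}
	if exp, ok := c.expires[path]; ok && t.Before(exp) {
		record("cache")
		return c.value[path], nil
	}
	v, err := c.fetch(path)
	if err != nil { // fail closed: an expired value is never served
		record("error")
		return "", fmt.Errorf("fetch %s: %w", path, err)
	}
	c.value[path], c.expires[path] = v, t.Add(c.ttl)
	record("backend")
	return v, nil
}

func main() {
	c := NewCache(func(string) (string, error) { return "constructed-v1", nil }, time.Minute, time.Now)
	_, err := c.Get("api", "secret/db") // constructed caller, path and value
	fmt.Println(c.Audit, err)
}
```

The TTL bounds how long a rotated-out value stays in use, so it should be shorter than the rotation interval.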

Labels

  • P1
  • agent:builder (Agent 2 - Builder)
  • component:infrastructure (Infrastructure/DevOps)
  • risk:high (High risk of causing issues or regressions)
  • security
  • size:l (1-2 days)
  • stale (No recent activity - will be closed if no response)