Description
Currently, the choice of secrets is Vault or nothing. I'd like to 1. make Vault integration a bit more modular (write a secrets provider interface that it satisfies) then introduce more secrets providers.
One of the reasons for this is, wadsworth is designed for simple deployments that don't need Kubernetes. Deploying and setting up Vault is quite a hassle to get decent security, and is generally advised to run on a separate server for both security and reliability reasons. I'd like to provide a simple middle-ground that fulfils the single-server use-case that Wadsworth was built to satisfy. This may be as simple as an in-memory store or some simple encrypted store.
Needs some thought. Currently, environment variables are propagated to every config engine VM so this can be a valid replacement but it can lead to users simply shoving their secrets into a .env
file, which may not be the best security approach.