devspace-plugin-loft VS Vault

I'm biased but I do think what you're describing is a good use case for Kubernetes. I work for Loft Labs, we're the company that created vcluster. We do have a commercial product called Loft that lets you manage vclusters and offer them self-service to developers. If you want to get more info on that, the web site is loft.sh.

There are some products available, for example Loft who open sourced vcluster

We run on EKS and use https://loft.sh/ to deploy development environments. The engineer runs the single service locally that they want to modify. Any other services or databases that service connects to run remotely in our Development EKS cluster using Loft and port forwards to the engineers local environment.

Lastly, one day my employer will let my run Loft so that I can provide on-demand ephemeral k8s clusters to my dev + test teams.

Have a look at https://github.com/loft-sh/kiosk and maybe the paid version https://loft.sh/

How many friends? I would recommend evaluating Loft which is free for up to 3 users.

Automate the setup of new k8s environments, ideally they should be ephemeral, disposed regularly and rebuilt by the devs themselves, on demand. This will also keep costs in check, devs don't work 24/7 so why should their cloud infrastructure? A tool worth checking would be Loft

Loft solves this + much more. There are cost-saving features too, so it might actually pay for itself. Don't hesitate to book a demo.

Loft.sh provides self-serve Kubernetes solutions for cost optimization, CI/CD, policy enforcement, user management, collaboration, and more. It helps save on Kubernetes costs by using quotas and space constraints which helps while sharing your clusters among multiple users and teams. Auto delete for idle namespaces and sleep mode for idle workloads also saves costs.

HashiCorp Vault

For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.

HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.

So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…

You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.

https://github.com/openwrt/luci/blob/master/applications/luc...

https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :

> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.

Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.

The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.

[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...

Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...

while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...