flipt VS Vault

We at https://flipt.io are putting on a buy vs build webinar in a couple of weeks to discuss this very thing as it's a common question that engineering teams seem to have.

If you're interested in attending its taking place on LinkedIn on April 17: https://www.linkedin.com/events/buildvs-buy-pickingafeaturef...

We're currently evaluating OPA for adding RBAC to our open-source application [0]. We plan on using the Go API [1] and doing the policy eval directly in our app since our app is also written in Go.

The thinking is we'll have some basic built-in policies (like admins can do X, editors can do Y, etc) but also allow users to configure their own policies if they want by writing rego and loading their policy rules at startup time (via config). We'd document the inputs that we pass to the evaluation call such as request headers, IP, role, etc.

I'm curious if anyone has ever tried something like this or similar?

[0] https://github.com/flipt-io/flipt

[1] https://www.openpolicyagent.org/docs/latest/integration/#int...

Flipt - Clickhouse integration for flag eval analytics

At Flipt, we continually discuss technologies that can bring change to the industry. In this article, we delve into cutting-edge top trends and tools that can redefine DevOps and platform engineering this year.

In this article, I will share the DevOps tools that we've used at Flipt and in previous roles (such as at InfluxDB). These tools are relevant for any modern software project.

But after onboarding 50+ contributors to Flipt, I realized there are ways to make starts easy for newbies.

In this article, I will share the effort-based issue labeling system we use at Flipt to deal with this problem.

Flipt has reached 3k GitHub stars ⭐ this week.

In this article, I’m sharing 3 GitHub Actions we use at Flipt that saved us more than 500 developer hours.

In this article, I’ll share 3 tools we use at Flipt to maintain high code quality and ship features reliably.

HashiCorp Vault

For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.

HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.

So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…

You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.

https://github.com/openwrt/luci/blob/master/applications/luc...

https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :

> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.

Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.

The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.

[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...

Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...

while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...