website VS Vault

cert-manager is a CRD (Custom Resource Definition) that dynamically generates TLS/SSL certificates for our applications using Let's Encrypt (although it also supports other issuers).

Install Certbot Certbot is a CLI that helps to obtain and maintain Let's Encrypt cert.

Let's Encrypt. CapRover automatically configures each service with nginx. SSL certificates (on multiple domains too) are just the click of a button.

you should look at free services like https://letsencrypt.org/

Let's Encrypt Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security…letsencrypt.org

Today, you will learn how to deploy your node.js project to the internet via an Amazon Web Services EC2 Instance at little or no cost. You will learn how to create an AWS EC2 Instance and work in Amazon Linux 2, create and manage services with SYSTEMD, use NGINX as a reverse proxy and obtain an SSL certificate from Let's Encrypt to ensure your website is secure via HTTPS protocol. So let’s get to it and deploy your project to your EC2 Instance.

Luckily you can get the https easily. I’ve been using https://letsencrypt.org/ to get it encrypted. Was fast and free. No real barrier just a bunch of setup.

It is able to get them via requests to Let's Encrypt with acme-client. (See: How to conifugre OpenBSD acme-client).

3- What is the best free certificate , I have found many like : Cloudflare , letsencrypt.org , and node (I can create SSl certificate on it )

HashiCorp Vault

For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.

HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.

So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…

You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.

https://github.com/openwrt/luci/blob/master/applications/luc...

https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :

> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.

Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.

The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.

[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...

Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...

while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...