- kubernetes-external-secrets (Discontinued): Integrate external secret management systems with Kubernetes
- bank-vaults (Discontinued): A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
Use an operator to manage native k8s secrets - something like https://github.com/external-secrets/kubernetes-external-secrets directly manages the native k8s resources using an external vault solution which is perfectly fine for storing credentials.
Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
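
The webhook pattern described in the comment above, sketched as a manifest. This is an added example, not part of the original comment or the bank-vaults project's own documentation; the workload name, Vault address, role, image and secret path are assumptions, and it presumes the bank-vaults mutating webhook is installed and Vault's Kubernetes auth method is configured for the service account.

```yaml
# Added illustration: workload name, Vault address, role, image and secret path
# are constructed placeholders, not values from the page.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
      annotations:
        # Read by the mutating webhook: which Vault to contact and which
        # Kubernetes-auth role the pod's service account logs in with.
        vault.security.banzaicloud.io/vault-addr: "https://vault.example.internal:8200"
        vault.security.banzaicloud.io/vault-role: "demo-app"
    spec:
      serviceAccountName: demo-app
      containers:
        - name: app
          image: registry.example.internal/demo-app:1.0.0
          env:
            # Only this reference is stored in the manifest and in etcd.
            # At container start the injected vault-env wrapper resolves it
            # and hands the value to the application process's environment;
            # no Kubernetes Secret object and no shared secret file is created.
            - name: DB_PASSWORD
              value: "vault:secret/data/demo-app/db#password"
```

Reading the live pod spec back from the API server should show only the `vault:` reference, never the resolved value, which is a quick check that nothing sensitive landed in etcd. Rotation then follows the comment: change the value in Vault and restart the pods so the new processes resolve it on start.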