Our great sponsors
-
argocd-vault-replacer
An Argo CD plugin to replace placeholders in Kubernetes manifests with secrets stored in Hashicorp Vault.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
I've recently installed Hashicorp vault on my k8s@homelab. I'm pretty "lazy" and want literally everything as a code. That includes passwords that will be injected into the vault. I've decided to use Terraform to populate the vault but now... how to encrypt the TFvars and keep em in GH? I'm confussed. Using SOPS/pass/any-other-mechanism for encrypting passwords that shall be encrypted in vault sounds weird, but I don't see any other way. How you guys handle it?
I use argocd with argocd-vault-replacer: https://github.com/crumbhole/argocd-vault-replacer