Our great sponsors
-
The CI/CD has a service account with permissions to all envs, and during deployment it renders the config files and inserts the "real" values by pulling it from Vault/KMS. Something very simple is Spruce, which is actually a powerful general templating tool but I've seen it only used for vault secrets so far.
-
There's a central key management service. Hashicorp Vault is pretty much the de-facto standard and most other tools integrate nicely with this. The only exception I've seen if companies are fully invested into a single cloud provider, in which case their cloud native alternative is used (AWS KMS, GCP KMS, Azure Keyvault). Even then, sometimes Vault is used as a frontend with the Cloud KMS as backing store.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Related posts
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
- Keep it cool and secure: do's and don'ts for managing Web App secrets
- Kubernetes Secret Management
- AWS Secrets Manager for on-premise and other cloud accounts scaled architecture
- What are some basics that a lot of Sysadmins/IT teams miss?