Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?

This page summarizes the projects mentioned and recommended in the original post on /r/kubernetes

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • sealed-secrets

    A Kubernetes controller and tool for one-way encrypted Secrets

  • store secrets encrypted in the public git repo (e.g., sealed-secrets)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

  • store secrets encrypted in a separately managed secret database (e.g., vault)

  • argocd-vault-plugin

    An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

  • argoproj-labs/argocd-vault-plugin

  • sops

    Simple and flexible tool for managing secrets

  • sops

  • git-crypt

    Transparent file encryption in git

  • git-crypt

  • gitops-environment-promotion

    Example for promoting a release between different GitOps environments

  • Yes. I personally use Kustomize overlays. Here is an contrived example with 10+ envs https://github.com/kostis-codefresh/gitops-environment-promotion/tree/main/envs

  • vault-secrets-operator

    Create Kubernetes secrets from Vault for a secure GitOps based workflow.

  • For home use, I wouldn't bother with Vault unless that's really what you want to learn. Then it's worth looking into setting something up where you could use vault secrets, using one of the available options (I haven't seen the vault-secrets-operator being mentioned).

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • rpi

    k3s@home setup (by slowr)

  • I use sops with age for my local k3s at home. Take a look here: https://github.com/slowr/rpi

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • GitOps and Kubernetes – Secure Handling of Secrets

    7 projects | dev.to | 18 Jan 2023
  • How should I manage my Helm charts?

    3 projects | /r/devops | 24 Apr 2022
  • Plain text Kubernetes secrets are fine

    1 project | news.ycombinator.com | 21 Jul 2023
  • helm upgrade error "Error: This command needs 2 arguments: release name, chart path"

    1 project | /r/codehunter | 10 Jun 2023
  • How to securely store configs across microservices and not commit secrets to vc

    2 projects | /r/kubernetes | 2 Jun 2023