Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?

This page summarizes the projects mentioned and recommended in the original post on /r/kubernetes
hardware-buttons linkedin-bot template-engine-js

InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  1. sealed-secrets

    A Kubernetes controller and tool for one-way encrypted Secrets

    store secrets encrypted in the public git repo (e.g., sealed-secrets)

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo

  3. Vault

    A tool for secrets management, encryption as a service, and privileged access management

    store secrets encrypted in a separately managed secret database (e.g., vault)

  4. argocd-vault-plugin

    An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

    argoproj-labs/argocd-vault-plugin

  5. sops

    Simple and flexible tool for managing secrets

    sops

  6. git-crypt

    Transparent file encryption in git

    git-crypt

  7. gitops-environment-promotion

    Example for promoting a release between different GitOps environments

    Yes. I personally use Kustomize overlays. Here is an contrived example with 10+ envs https://github.com/kostis-codefresh/gitops-environment-promotion/tree/main/envs

  8. vault-secrets-operator

    Create Kubernetes secrets from Vault for a secure GitOps based workflow.

    For home use, I wouldn't bother with Vault unless that's really what you want to learn. Then it's worth looking into setting something up where you could use vault secrets, using one of the available options (I haven't seen the vault-secrets-operator being mentioned).

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  10. rpi

    k3s@home setup (by slowr)

    I use sops with age for my local k3s at home. Take a look here: https://github.com/slowr/rpi

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • GitOps and Kubernetes – Secure Handling of Secrets

    7 projects | dev.to | 18 Jan 2023

  • How should I manage my Helm charts?

    3 projects | /r/devops | 24 Apr 2022

  • Plain text Kubernetes secrets are fine

    1 project | news.ycombinator.com | 21 Jul 2023

  • helm upgrade error "Error: This command needs 2 arguments: release name, chart path"

    1 project | /r/codehunter | 10 Jun 2023

  • How to securely store configs across microservices and not commit secrets to vc

    2 projects | /r/kubernetes | 2 Jun 2023

Did you know that Go is
the 4th most popular programming language
based on number of references?

Loading...