Learning with K3s at home. Is it "better" to store secrets encrypted in the git repo (e.g., sealed-secrets) or in a separately managed secret database (e.g., vault)?

This page summarizes the projects mentioned and recommended in the original post on /r/kubernetes

  • sealed-secrets

    A Kubernetes controller and tool for one-way encrypted Secrets

  • store secrets encrypted in the public git repo (e.g., sealed-secrets)

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

  • store secrets encrypted in a separately managed secret database (e.g., vault)

  • argocd-vault-plugin

    An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

  • argoproj-labs/argocd-vault-plugin

  • sops

    Simple and flexible tool for managing secrets

  • git-crypt

    Transparent file encryption in git

  • gitops-environment-promotion

    Example for promoting a release between different GitOps environments

  • Yes. I personally use Kustomize overlays. Here is a contrived example with 10+ envs: https://github.com/kostis-codefresh/gitops-environment-promotion/tree/main/envs

  • vault-secrets-operator

    Create Kubernetes secrets from Vault for a secure GitOps based workflow.

  • For home use, I wouldn't bother with Vault unless that's really what you want to learn. Then it's worth looking into setting something up where you could use vault secrets, using one of the available options (I haven't seen the vault-secrets-operator being mentioned).

  • rpi

    k3s@home setup (by slowr)

  • I use sops with age for my local k3s at home. Take a look here: https://github.com/slowr/rpi

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
