Secrets Made My Life Miserable - Consume Secrets Easily With Teller
Ғылым және технология
Secrets were making my life miserable... until now.
Consume secrets with the CNCF project Teller.
#cncf #secrets #teller
Consider joining the channel: / devopstoolkit
▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
➡ Gist with the commands: gist.github.com/vfarcic/42d96...
🔗 Teller: tlr.dev
🎬 Manage Kubernetes Secrets With External Secrets Operator (ESO): • Manage Kubernetes Secr...
🎬 SchemaHero - Database Schema Migrations Inside Kubernetes: • SchemaHero - Database ...
🎬 How To Inspect, Plan, Migrate DB Schemas With Atlas: • How To Inspect, Plan, ...
▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬
If you are interested in sponsoring this channel, please use calendly.com/vfarcic/meet to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).
▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬
➡ Twitter: / vfarcic
➡ LinkedIn: / viktorfarcic
▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬
🎤 Podcast: www.devopsparadox.com/
💬 Live streams: / devopsparadox
▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Introduction to Secrets Consumption
02:40 Secrets From a Terminal With Teller
06:10 Secrets For App Development With Teller
08:28 Secrets For Docker With Teller
10:08 There's More To Teller...
12:21 Teller Pros And Cons
Пікірлер: 29
How do you consume secrets (excluding Kubernetes)?
@ZoisPag
11 ай бұрын
I use Doppler. Doppler cli can inject secrets as ENV vars exactly like Teller.
@lajospapp4498
6 ай бұрын
github.com/helmfile/vals is pretty similar
@projekt95
2 ай бұрын
I save them on a MicroSD card and gulp them down with a nice beer. Jokes aside, I use bitwarden secrets manager because it is less complex and has far better pricing for a very small business like mine.
I'm interested in seeing the new way to manage DB schemas. Thank you so much for your efforts.
This is revolutionary!!
I have so many ideas! Thanks for sharing this.
🎉 thanks for the video, I'd also like to have a video about managing database schemas!
thanks for sharing! great content as always keep up the good work, may I ask which country are you from?
@DevOpsToolkit
11 ай бұрын
I was born in Serbia but I spent most of my life in Spain (barcelona).
Great tool thanks Victor since you are reviewing Teller for managing secrets can you please review Doppler?
@DevOpsToolkit
11 ай бұрын
Adding it to my to-do list... 🙂
What do you think about vals and vals-operator?
@DevOpsToolkit
5 ай бұрын
I haven't used it. Judging by a quick glance it seems it's similar to external secrets operator.
I've always taught that it's insecure to but password in ENV in a container....
@edb75001
11 ай бұрын
If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values. A secrets manager helps not just manage your secrets... but it's main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.
@fordneild2372
11 ай бұрын
🧠
So you mean storing all your secrets in an unencrypted text file and copy/pasting everywhere isn't best practice?
@DevOpsToolkit
11 ай бұрын
Yeah. That is a common practice 🙂 it's just that i sometimes go against what others are doing 😄
actually this is like another secret injector/fetcher like Vals if you use helmfile, but how if our application doesn't use env variable ? instead of using config file based on yaml file ? is it possible to do that ?
@DevOpsToolkit
11 ай бұрын
If you application is running in kubernetes, ESO is my choice. Teller is mostly for everything else, not a kubernetes operator.
@aushafy
11 ай бұрын
@@DevOpsToolkit oh yeah you're right, I have read the official docs and teller just for cmd side which mean development activity
He said docker containers!!!!