How do you consume secrets (excluding Kubernetes)?

@ZoisPag

11 ай бұрын

I use Doppler. Doppler cli can inject secrets as ENV vars exactly like Teller.

@lajospapp4498

6 ай бұрын

github.com/helmfile/vals is pretty similar

@projekt95

2 ай бұрын

I save them on a MicroSD card and gulp them down with a nice beer. Jokes aside, I use bitwarden secrets manager because it is less complex and has far better pricing for a very small business like mine.

I'm interested in seeing the new way to manage DB schemas. Thank you so much for your efforts.

This is revolutionary!!

I have so many ideas! Thanks for sharing this.

🎉 thanks for the video, I'd also like to have a video about managing database schemas!

thanks for sharing! great content as always keep up the good work, may I ask which country are you from?

@DevOpsToolkit

11 ай бұрын

I was born in Serbia but I spent most of my life in Spain (barcelona).

Great tool thanks Victor since you are reviewing Teller for managing secrets can you please review Doppler?

@DevOpsToolkit

11 ай бұрын

Adding it to my to-do list... 🙂

What do you think about vals and vals-operator?

@DevOpsToolkit

5 ай бұрын

I haven't used it. Judging by a quick glance it seems it's similar to external secrets operator.

I've always taught that it's insecure to but password in ENV in a container....

@edb75001

11 ай бұрын

If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values. A secrets manager helps not just manage your secrets... but it's main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.

@fordneild2372

11 ай бұрын

🧠

So you mean storing all your secrets in an unencrypted text file and copy/pasting everywhere isn't best practice?

@DevOpsToolkit

11 ай бұрын

Yeah. That is a common practice 🙂 it's just that i sometimes go against what others are doing 😄

actually this is like another secret injector/fetcher like Vals if you use helmfile, but how if our application doesn't use env variable ? instead of using config file based on yaml file ? is it possible to do that ?

@DevOpsToolkit

11 ай бұрын

If you application is running in kubernetes, ESO is my choice. Teller is mostly for everything else, not a kubernetes operator.

@aushafy

11 ай бұрын

@@DevOpsToolkit oh yeah you're right, I have read the official docs and teller just for cmd side which mean development activity

He said docker containers!!!!