busser|3 years ago
Over the past couple years, I have set up different ways of managing secrets in the cloud. I really like Berglas’ and BankVaults’ model of having a custom entrypoint that fetches secrets and provides them to the application via its environment variables. The approach has limits but I always found its simplicity elegant.
Berglas works for GCP and BankVaults works for Vault, but there was no equivalent for AWS and Azure. So I wrote whisper. The goal is for it to support many secret storage providers, even fetching from multiple at once.
Let me know what you think!