top | item 41420643

(no title)

JanMa | 1 year ago

There's a lot of tools you could use for this (I'd personally recommend OpenBao), but in my opinion proper SSO, permission and group management is way more important.

If you make an effort to define granular groups for every team, and role you have in your company it makes the management of access to resources (and not only secrets) a lot easier.

In the example you describe, the newly promoted hire would automatically be added to new groups which will have the right to access the needed Secrets. Similarly, whenever a person leaves your company, simply remove them from the groups they are in and they (almost) immediately loose all access.

It's not a small feat to built, maintain and reconfigure all your tools to use it, but if you do it really pays dividends

discuss

No comments yet.