All guides to deploying with Docker mention typing your keys/credentials/secrets into the docker compose file, or using a .env or similar file. I’m wondering how secure this is and if there’s a better option.

Also, this has the issue of having to get into the server to manage them, remembering which file has each credential.

Is there a self-hostable secrets manager? I’ve only found proprietary/paid ones for large infrastructures and I just need it for a couple of my servers/projects.

  • NewDataEngineer@lemmy.world
    2 years ago

    I wish there was something between HashiCorp Vault and KeePass. I want a nice simple UI that even my family could use, with Terraform integration. Anyone know of such a program?

    • doeknius_gloek@feddit.de
      2 years ago

      I have no experience with Terraform, but Bitwarden has an API and CLI, so you might be able to script something with it?

      • NewDataEngineer@lemmy.world
        2 years ago

        Thanks. I knew about bit/vaultwarden but I just looked and I see that there is a Terraform module and the UI looks good.

        Thanks.

      • pe1ucaOP
        2 years ago

        I was thinking about this, since it’d be using FOSS, but if no library exists to handle the pass to a script/config file then it’d be maintaining a custom solution which might not be that secure.

        Edit: HashiCorp’s Vault is open source, so I’ll be giving it a try.
        https://github.com/hashicorp/vault

        • NewDataEngineer@lemmy.world
          2 years ago

          Bitwarden has a CLI that you can script with. Also, Vaultwarden is the FOSS version.

          Just in case you want to try.