• RandomDevOpsDude@programming.devM
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    I can’t believe I haven’t seen external secrets before. Sealed secrets are cool, but such a pain as you described. Gonna be setting up external secrets next week sounds like. Thanks for the great post

    • z3r0@lemmy.zip
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      What do you think about storing your encrypted secrets in your repos using Sops?

      • RandomDevOpsDude@programming.devM
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        I prefer Sealed Secrets over sops since it has the namespace scoping element and can also be stored in repo (once encrypted). I also generally prefer having a controller deployed rather than forcing devs to learn kustomize (which we don’t widely use yet) so I guess less of a support burden for me.

        • z3r0@lemmy.zip
          link
          fedilink
          arrow-up
          2
          ·
          9 months ago

          I understand your point. Anyway, if your devs are using Helm they can still use Sops with the helm-secrets plugin. Just create a separated values file (can be named as secrets.yaml) contaning all sensitive values and encrypt it with Sops.

          • RandomDevOpsDude@programming.devM
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            Thanks for sharing! I definitely hadn’t seen that plugin. We definitely use helm, even though I hate it lol. I will take a look when I get around to looking at external secrets since I still haven’t had a chance to (you know how it goes… priorities made up by some random PM or whatever)