What are people using to manage secrets, such as database passwords, license keys, etc.?
Do you restrict access to these secrets to certain pods? Do you rotate them?
Solutions I’ve seen (but not tried at this stage) include:
- Vault with https://github.com/Boostport/kubernetes-vault and https://github.com/UKHomeOffice/vault-sidekick
- Bitnami’s sealed secrets https://engineering.bitnami.com/articles/sealed-secrets.html
- Kubesec https://github.com/shyiko/kubesec
- Aqua Security (+ Vault). I work for an open source company, and we can’t provide a solution and then tell people they need to buy X to get it to work.
But what do you use? How hard was it to set up? Would you use it again, now?