Ask HN: How do you handle secret management?
All day I've been struggling with this: if I use a secret management system like Vault or Keywhiz or AWS KMS, I still have to store the credentials for that system in plaintext. So then I feel like I haven't accomplished anything whatsoever. To be honest I don't even understand the purpose of these systems.
What am I missing here?
3 comments
[ 3.2 ms ] story [ 17.9 ms ] threadhttps://github.com/mozilla/sops
In this case, AWS knows what your instance is and what it is allowed to do, and so you can access SSM without any other credentials being stored on the system.
But this only works if you’re running your EC2 instance in AWS.