Over the past couple years, I have set up different ways of managing secrets in the cloud. I really like Berglas’ and BankVaults’ model of having a custom entrypoint that fetches secrets and provides them to the application via its environment variables. The approach has limits but I always found its simplicity elegant.
Berglas works for GCP and BankVaults works for Vault, but there was no equivalent for AWS and Azure. So I wrote whisper. The goal is for it to support many secret storage providers, even fetching from multiple at once.
1 comment
[ 3.0 ms ] story [ 15.5 ms ] threadOver the past couple years, I have set up different ways of managing secrets in the cloud. I really like Berglas’ and BankVaults’ model of having a custom entrypoint that fetches secrets and provides them to the application via its environment variables. The approach has limits but I always found its simplicity elegant.
Berglas works for GCP and BankVaults works for Vault, but there was no equivalent for AWS and Azure. So I wrote whisper. The goal is for it to support many secret storage providers, even fetching from multiple at once.
Let me know what you think!