4

git-crypt and git-secret were found. What is your personal preference and why?

A couple of months ago, I applied git-crypt. It was quite hard to set up, and the secrets are stored as binaries. I wonder whether git-secret is less cumbersome to set up. What other options are available?

030

3 Answers

2

I personally am a fan of Mozilla SOPS. We've introduced it to two teams and it's gone down well both times; it has proven easy to implement both with local development and our CI/CD pipelines.

It has support for PGP/GPG to encrypt secrets but also supports Amazon KMS, GCP KMS and Azure Key Vault, and thus works well in an enterprise cloud-native infrastructure.

Richard Slater
0

If your use case is Kubernetes, I like Sealed Secrets.

It is what Weave Cloud uses to store configuration and do GitOps.

Ulukai
0

I have spent a good amount of time lately looking into the GoDaddy open-source CRD called ExternalSecrets. It's been pretty good to work with: it keeps the actual secret material in AWS Secrets Manager and polls for changes. When a change is detected, it creates/updates a Secret in your Kubernetes cluster. The only issue I've encountered is that you are mostly limited to using key/value pairs.

Randy L