Questions tagged [secret-management]

22 questions
50 votes, 2 answers

Passing secrets to a Docker container

I have a base docker image which is used to run image analysis software. For each container created from the image, there are a set of configuration settings, some of which are secrets (encryption keys, customer information, etc.), that are used by…
Preston Martin
13 votes, 1 answer

Should AWS ARN values be treated as secrets?

I have a configuration file that contains AWS resource ARNs stored in a git repo. This includes some ARNs of AWS IAM role resources. Should these be treated as if they are a secret value, and not stored in a repository?
Preston Martin
5 votes, 1 answer

Jenkins: make a credential available to all users

I'd like to allow all of our organization's users to create new pipelines in Jenkins, via Blue Ocean... This requires a GitHub access token, meaning I have to either require each user to use their own access token, or share the contents of an…
ivan
4 votes, 2 answers

Secrets in Docker without Swarm

I am using Docker, but not Swarm (or any other orchestration) for a project. Is there a way to leverage Docker Secrets without Swarm?
a20z
3 votes, 2 answers

How to manage Env Variables / Configs on a Helm Chart + GitHub Actions + GitHub Secrets

I have a REST API in Python that has several configuration variables that are set up at startup time. These variables are read from the environment variables of the host machine. Our production environment is on a Kubernetes cluster that is deployed…
2 votes, 1 answer

Recommended Design - Communication among Jenkins + Vault + App

Design A: the CD tool communicates with Vault to fetch app secrets on its behalf. Jenkins (the CD tool) computes the Vault path according to the app/project and according to which environment the app will be deployed to (qa, staging, prod, ...). Jenkins uses…
2 votes, 2 answers

Best practices of authentication to Vault

What could be considered the most secure way of authenticating in HashiCorp Vault by an application running in a Kubernetes cluster? The AppRole method is nice, but implementing AppRole implies that the secret_id must be passed to the application.…
2 votes, 1 answer

How to protect secrets whilst enabling the ability to amend a pipeline

I'm writing a CI pipeline using GitHub Actions. The pipeline will build a Docker image, which it will then push to our Docker repository (AWS ECR). In order to talk to ECR, we'll need to provide a secret (and some other details). That secret we'll…
JohnLBevan
2 votes, 2 answers

Terraform's local state (the 2 tfstate files) contains very sensitive info

Part of my IaC that describes my systems for Azure is CosmosDB, and Keyvaults. Terraform happily created everything and I was able to use an output from CosmosDB (db keys) as an input to the Keyvault (as a keyvault secret) so my db key was safely…
1 vote, 1 answer

How to manage Hashicorp Vault patching in AWS?

I'm setting up a Hashicorp Vault open source deployment in AWS, but I'm trying to figure out the best approach for keeping the underlying EC2 instances patched. I'm using AWS Systems Manager for patching, but won't that cause the patched instances…
1 vote, 2 answers

How to handle different credentials in continuous integration?

I am using TeamCity to automatically build and test a Node.js application. The problem I am facing is that the application needs to have some environment variables set during the build phase, as well as some secret variables that need to be set…
1 vote, 1 answer

How do I get a secret into a property file with openshift and kubernetes?

I am new to OpenShift and Kubernetes. I have a secret in OpenShift and made it available to the pod as an environment variable. What is the best practice to get that value into a properties file (Java) before the container's service starts? Is there a…
Nifle
1 vote, 1 answer

Is it possible to create a tls kubernetes secret using Azure Key Vault data resources in Terraform?

I have a certificate file and a private key file that I am using to implement tls encrypted traffic for several different k8s pods running under an NGINX ingress load balancer. This works fine (i.e. the web apps are visible and show as secure in a…
az2tonez
1 vote, 1 answer

How to fetch an Azure secret if it exists in KV using Terraform

I am using the Terraform code below to fetch an Azure secret, and this is working fine when the secret exists in the Azure KV. I get an error when the secret is not available in KV. data "azurerm_key_vault_secret" "win_admin_pass" { name =…
Nullpointer
1 vote, 1 answer

How can I pass a secret from a Salt Master to a Minion without using a Pillar?

I am looking to understand how I can reduce duplication of secrets. For example SSL Certificates. I want to have the Salt Master pull the Certificate from a Secure Source (Azure Key Vault) and then 'share' that value with a targeted Minion(s). I…
Steven K7FAQ