All guides to deploy using docker mention typing your keys/credentials/secrets into the docker compose file, or use a .env or similar file, I’m wondering how secure is this and if there’s a better option.

Also, this has the issue of having to get into the server to manage them, remembering which file has each credential.

Is there a selfhostable secrets manager? I’ve only found proprietary/paid ones for large infrastructures and I just need it for a couple of my servers/projects.

  • pe1uca@lemmy.pe1uca.devOPEnglish
    1·
    1 year ago

    I was thinking about this, since it’d be using foss, but if no library exists to handle the pass to a script/config file then it’d be maintaining a custom solution which might not be that secure.

    Edit: hashicorp’s vault is open source, so I’ll be giving it a try.
    https://github.com/hashicorp/vault

    • NewDataEngineer@lemmy.worldEnglish
      11·
      1 year ago

      Bitwarden has a CLI that you can script with. Also vaultwarden is the FOSS version.

      Just in case you want to try.