• z3r0@lemmy.zip
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    What do you think about storing your encrypted secrets in your repos using Sops?

    • RandomDevOpsDudeM
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I prefer Sealed Secrets over sops since it has the namespace scoping element and can also be stored in repo (once encrypted). I also generally prefer having a controller deployed rather than forcing devs to learn kustomize (which we don’t widely use yet) so I guess less of a support burden for me.

      • z3r0@lemmy.zip
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        I understand your point. Anyway, if your devs are using Helm they can still use Sops with the helm-secrets plugin. Just create a separated values file (can be named as secrets.yaml) contaning all sensitive values and encrypt it with Sops.

        • RandomDevOpsDudeM
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          Thanks for sharing! I definitely hadn’t seen that plugin. We definitely use helm, even though I hate it lol. I will take a look when I get around to looking at external secrets since I still haven’t had a chance to (you know how it goes… priorities made up by some random PM or whatever)