-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple secrets providers #11
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the choice of secrets is Vault or nothing. I'd like to 1. make Vault integration a bit more modular (write a secrets provider interface that it satisfies) then introduce more secrets providers.
One of the reasons for this is, wadsworth is designed for simple deployments that don't need Kubernetes. Deploying and setting up Vault is quite a hassle to get decent security, and is generally advised to run on a separate server for both security and reliability reasons. I'd like to provide a simple middle-ground that fulfils the single-server use-case that Wadsworth was built to satisfy. This may be as simple as an in-memory store or some simple encrypted store.
Needs some thought. Currently, environment variables are propagated to every config engine VM so this can be a valid replacement but it can lead to users simply shoving their secrets into a
.env
file, which may not be the best security approach.The text was updated successfully, but these errors were encountered: