• z3r0
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    What do you think about storing your encrypted secrets in your repos using Sops?

    • RandomDevOpsDude@programming.devM
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I prefer Sealed Secrets over sops since it has the namespace scoping element and can also be stored in repo (once encrypted). I also generally prefer having a controller deployed rather than forcing devs to learn kustomize (which we don’t widely use yet) so I guess less of a support burden for me.

      • z3r0
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        I understand your point. Anyway, if your devs are using Helm they can still use Sops with the helm-secrets plugin. Just create a separated values file (can be named as secrets.yaml) contaning all sensitive values and encrypt it with Sops.

        • RandomDevOpsDude@programming.devM
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          Thanks for sharing! I definitely hadn’t seen that plugin. We definitely use helm, even though I hate it lol. I will take a look when I get around to looking at external secrets since I still haven’t had a chance to (you know how it goes… priorities made up by some random PM or whatever)

          • z3r0
            link
            fedilink
            arrow-up
            2
            ·
            9 months ago

            If you still want more you can use Helmfile. Take care of your PMs 😁