this post was submitted on 10 Feb 2024
85 points (100.0% liked)

DevOps

1688 readers
1 users here now

DevOps integrates and automates the work of software development (Dev) and IT operations (Ops) as a means for improving and shortening the systems development life cycle.

Rules:

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] RandomDevOpsDude 2 points 9 months ago (5 children)

I can't believe I haven't seen external secrets before. Sealed secrets are cool, but such a pain as you described. Gonna be setting up external secrets next week sounds like. Thanks for the great post

[–] [email protected] 2 points 9 months ago (4 children)

What do you think about storing your encrypted secrets in your repos using Sops?

[–] RandomDevOpsDude 1 points 9 months ago (1 children)

I prefer Sealed Secrets over sops since it has the namespace scoping element and can also be stored in repo (once encrypted). I also generally prefer having a controller deployed rather than forcing devs to learn kustomize (which we don't widely use yet) so I guess less of a support burden for me.

[–] [email protected] 2 points 9 months ago (1 children)

I understand your point. Anyway, if your devs are using Helm they can still use Sops with the helm-secrets plugin. Just create a separated values file (can be named as secrets.yaml) contaning all sensitive values and encrypt it with Sops.

[–] RandomDevOpsDude 1 points 9 months ago (1 children)

Thanks for sharing! I definitely hadn't seen that plugin. We definitely use helm, even though I hate it lol. I will take a look when I get around to looking at external secrets since I still haven't had a chance to (you know how it goes... priorities made up by some random PM or whatever)

[–] [email protected] 2 points 9 months ago

If you still want more you can use Helmfile. Take care of your PMs 😁

load more comments (2 replies)
load more comments (2 replies)