All guides to deploy using docker mention typing your keys/credentials/secrets into the docker compose file, or use a .env or similar file, I’m wondering how secure is this and if there’s a better option.

Also, this has the issue of having to get into the server to manage them, remembering which file has each credential.

Is there a selfhostable secrets manager? I’ve only found proprietary/paid ones for large infrastructures and I just need it for a couple of my servers/projects.

  • manitcor@lemmy.intai.tech
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    seconded for hashicorp, you can do secrets and env vars while cutting your teeth but you should be on a path to learning and setting up secure secrets vaults.