I save them on a MicroSD card and gulp them down with a nice beer. Jokes aside, I use bitwarden secrets manager because it is less complex and has far better pricing for a very small business like mine.
If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values. A secrets manager helps not just manage your secrets... but it's main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.
actually this is like another secret injector/fetcher like Vals if you use helmfile, but how if our application doesn't use env variable ? instead of using config file based on yaml file ? is it possible to do that ?
How do you consume secrets (excluding Kubernetes)?
I use Doppler. Doppler cli can inject secrets as ENV vars exactly like Teller.
github.com/helmfile/vals is pretty similar
I save them on a MicroSD card and gulp them down with a nice beer.
Jokes aside, I use bitwarden secrets manager because it is less complex and has far better pricing for a very small business like mine.
I'm interested in seeing the new way to manage DB schemas.
Thank you so much for your efforts.
Great tool thanks Victor since you are reviewing Teller for managing secrets can you please review Doppler?
Adding it to my to-do list... 🙂
So you mean storing all your secrets in an unencrypted text file and copy/pasting everywhere isn't best practice?
Yeah. That is a common practice 🙂 it's just that i sometimes go against what others are doing 😄
🎉 thanks for the video, I'd also like to have a video about managing database schemas!
I've always taught that it's insecure to but password in ENV in a container....
If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values.
A secrets manager helps not just manage your secrets... but it's main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.
🧠
He said docker containers!!!!
What do you think about vals and vals-operator?
I haven't used it. Judging by a quick glance it seems it's similar to external secrets operator.
I have so many ideas! Thanks for sharing this.
This is revolutionary!!
thanks for sharing! great content as always
keep up the good work, may I ask which country are you from?
I was born in Serbia but I spent most of my life in Spain (barcelona).
actually this is like another secret injector/fetcher like Vals if you use helmfile, but how if our application doesn't use env variable ? instead of using config file based on yaml file ? is it possible to do that ?
If you application is running in kubernetes, ESO is my choice. Teller is mostly for everything else, not a kubernetes operator.
@@DevOpsToolkit oh yeah you're right, I have read the official docs and teller just for cmd side which mean development activity