On DevOps — 11. Secret Management — an Introduction to Secret Manager (HashiCorp Vault, AWS Secrets Manager), and Best Practice

Tiexin Guo
Published in 4th Coffee
8 min read · Feb 21, 2021

Ponte 25 de Abril, Lisbon, Portugal

According to my plan, this topic should come later in this series, because normally after you talk about infrastructure as code, you talk about configuration management. And since secrets management is a topic related to many other things (like how to use it inside your configuration management, how to use it in your compute resources like Kubernetes), it’s better to introduce this topic after discussing configuration management and Kubernetes.

But because recently I did quite some work on this topic, I’d like to share it now to make hay while the sun shines as a summary of my recent thoughts and work. So forgive me for being illogical this time.

Secret, Secret

In the field of software development and information technology, no matter what you do, chances are, you can’t do it without secrets.

When you are developing an app, the app itself might need access to a database, so it needs the password. Or maybe the app talks to another API that requires authentication, so you need a token, which is a secret.

You can’t put the secret in your version control system either because that’s dangerous.
