Lately, I’ve been thinking of implementing a secrets management system such as Infiscal, etc. Does anyone use this or something similar like Hashicorp?
How hard would it be to deploy on a pre-existing set up? How does that work? Do you call the required secret in your Docker compose? What makes a secret manager more secure than pulling secrets from an .env file?
Which secret manager is the most popular/better among selfhosters?
There are numerous automated systems for this, and almost every platform you use will have their own. Infiscal doesn’t seem bad, but I haven’t used it.
I always suggest engineers just use whatever is closest to their stacks instead of implementing something, UNLESS it’s going to cost a lot more money (looking at you, AWS).
Bitwarden/Vaultwarden+BWcli is also another workaround if you’re just using it for small projects.
Etcd can do value encryption, and Redia even, but you should really be looking at something that has solid RBAC, or ZTC rotation.