Lately, I’ve been thinking of implementing a secrets management system such as Infiscal, etc. Does anyone use this or something similar like Hashicorp?
How hard would it be to deploy on a pre-existing set up? How does that work? Do you call the required secret in your Docker compose? What makes a secret manager more secure than pulling secrets from an .env file?
Which secret manager is the most popular/better among selfhosters?
Oh, I didn’t realize this was for plain containers, sorry.
For that I use Ansible to deploy the containers in my server. The secrets are stored encrypted in my local machine with passwordstore and I use the passwordstore lookup plugin to load them in the playbooks/templates.