Stepan's blog

Managing secrets with automation tools

There are few rules to manage secrets secure:

  • Do not store decrypted secrets on disk
  • Do not commit secrets in git

here are some hacks regarding this topics:

  • Create k8s secret from vault with terraform
  • Refer secret with helm - do not put them in values.yaml
  • Refer secret in pod with vault-injector annotations
  • Refer secret with ECK CRDs
  • .dockerconfigjson secrets
  • Copy secret between namespaces with terraform
  • Pass secret from terraform to ansible as environment variable
Previous

Awscli hacks

describe instances queries ec2 describe-instances --filters --query 'Reservations[].Instances[][Placement.AvailabilityZone, State.Name, Tags[?Key==`Name`].Value ]' --query 'Reservations[].Instances[][Placement.AvailabilityZone, SubnetId, State.Name, InstanceId, NetworkInterfaces[?Status ==`in-use`].[PrivateIpAddresses[?Primary==`true`].PrivateIpAddress], Tags[?Key==`Name`].Value] aws...

This project is maintained by stepan111