How do you consume secrets (excluding Kubernetes)?
@ZoisPag 1 year ago
I use Doppler. Doppler cli can inject secrets as ENV vars exactly like Teller.
@lajospapp4498 1 year ago
github.com/helmfile/vals is pretty similar
@projekt95 9 months ago
I save them on a MicroSD card and gulp them down with a nice beer. Jokes aside, I use Bitwarden Secrets Manager because it is less complex and has far better pricing for a very small business like mine.
@abessesmahi4888 1 year ago
I'm interested in seeing the new way to manage DB schemas. Thank you so much for your efforts.
@IvanRizzante 1 year ago
🎉 thanks for the video, I'd also like to have a video about managing database schemas!
@Stefan29dec 1 year ago
Thanks for sharing! Great content as always, keep up the good work. May I ask which country you are from?
@DevOpsToolkit 1 year ago
I was born in Serbia but I spent most of my life in Spain (Barcelona).
@knelasevero 1 year ago
I have so many ideas! Thanks for sharing this.
@KingoOoVideos 1 year ago
Great tool, thanks Viktor. Since you are reviewing Teller for managing secrets, can you please review Doppler?
@DevOpsToolkit 1 year ago
Adding it to my to-do list... 🙂
@jamesriordan5461 1 year ago
This is revolutionary!!
@lucasfcnunes 11 months ago
What do you think about vals and vals-operator?
@DevOpsToolkit 11 months ago
I haven't used it. Judging by a quick glance it seems it's similar to external secrets operator.
@prolixalias 1 month ago
Hey there Viktor! I'm curious how you've managed to get around the error below with teller v2.0.7 and modern .teller.yml format that I borrowed from your crossplane-kubernetes repo:
```
Error: Bad service account key: missing field `private_key` at line 9 column 1
```
@DevOpsToolkit 1 month ago
I don't think I encountered that error. I had others that were caused by 2.x using a new YAML format. I can send you a sample YAML if that helps (it's for GCP).
@prolixalias 1 month ago
@DevOpsToolkit Don't you ever sleep? It seems like you're always online... The one I borrowed is below, adjusted to my path/keys:
```
providers:
  google_secrets_manager:
    kind: google_secretmanager
    maps:
      - id: secrets
        path: projects/vfarcic
        keys:
          upbound-account: UP_ACCOUNT
          upbound-token: UP_TOKEN
          aws-access-key-id: AWS_ACCESS_KEY_ID
          aws-secret-access-key: AWS_SECRET_ACCESS_KEY
          github-user: GITHUB_USER
```
@entelin 1 year ago
So you mean storing all your secrets in an unencrypted text file and copy/pasting everywhere isn't best practice?
@DevOpsToolkit 1 year ago
Yeah. That is a common practice 🙂 It's just that I sometimes go against what others are doing 😄
@aushafy 1 year ago
Actually, this is like another secret injector/fetcher, like Vals if you use helmfile. But what if our application doesn't use env variables and instead uses a config file based on a YAML file? Is it possible to do that?
@DevOpsToolkit 1 year ago
If your application is running in Kubernetes, ESO is my choice. Teller is mostly for everything else, not a Kubernetes operator.
@aushafy 1 year ago
@DevOpsToolkit Oh yeah, you're right. I have read the official docs and Teller is just for the cmd side, which means development activity.
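Added example (not from the video or any commenter): one way to serve an application that reads a YAML config file instead of environment variables is a small wrapper that runs under the secrets tool and renders the file from the injected variables. The config key names and the `render_config` helper are hypothetical; the variable names are taken from the `.teller.yml` quoted earlier in this thread.

```python
import json
import os
import tempfile

# Hypothetical mapping: config key -> environment variable injected by the
# secrets tool (variable names as in the .teller.yml quoted in this thread).
SECRET_KEYS = {
    "aws_access_key_id": "AWS_ACCESS_KEY_ID",
    "aws_secret_access_key": "AWS_SECRET_ACCESS_KEY",
    "github_user": "GITHUB_USER",
}


def render_config(path, keys=SECRET_KEYS, env=os.environ):
    """Write a YAML config holding the injected secrets to `path`, mode 0600."""
    missing = [var for var in keys.values() if not env.get(var)]
    if missing:
        # Fail closed: never write a config with empty credentials.
        raise KeyError("missing secret variables: " + ", ".join(sorted(missing)))

    # json.dumps yields a double-quoted scalar that is also valid YAML, so
    # values containing ':', '#', quotes or newlines cannot break the file.
    lines = [f"{key}: {json.dumps(env[var])}" for key, var in keys.items()]

    # mkstemp creates the file with mode 0600 in the target directory, so the
    # secret is never readable by other users, and the rename is atomic.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".config-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("\n".join(lines) + "\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return path


if __name__ == "__main__":
    # Run under the secrets tool so the variables exist only for this process.
    print("wrote", render_config("config.yaml"))
```

The rendered file is still a plaintext secret on disk, so keep it out of the repository and delete it when the process that needs it exits.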
@fugazi84 1 year ago
I've always thought that it's insecure to put passwords in ENV in a container...
@edb75001 1 year ago
If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values. A secrets manager helps not just manage your secrets... but its main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.