Secrets management is closely related to configuration management. You want to make sure you:
So where do you put secrets?
The key options are
For container hosting, we use the Amber Secrets tool to manage container secrets.
The nice thing about Amber is that you only have one secret to manage, called the `AMBER_KEY`, and only that single secret gets entered into your CI/CD pipeline tool (e.g. GitHub Actions, Jenkins, Azure DevOps, etc.).
If you've used these DevOps platforms a lot, you'll know how cumbersome it can be to enter multiple secrets into the various UIs:
secrets management becomes 'clickops' and is not automated. By using a programmatic tool, you can easily version your secrets, and
even rotate them with an audit trail in your git history. Remember, the secrets are encrypted using your `AMBER_KEY`.
Recommended reading is the "III. Config" page of The Twelve-Factor App, since it
covers many of the topics discussed here.
When you host a Docker container with content hosting, you get Amber set up for you already to manage secrets.
There is an overwhelming number of options for secrets management for Docker containers (and remember, that's just a brand name;
see what is container hosting?).
Some options include:
The key takeaway is to manage secrets and control them carefully, and ideally rotate them often. The tools change quite rapidly, but the important concepts tend not to change as much.