Reputation: 1
Convox Environment for secret management-evaluation
I am using convox to store secrets, it seems it uses env variables to do that and I am not sure if tha is enough of I need to evaluate another tool such aws or vault
do you have thought about Convox secret management? any recommendation? any other tool?
Upvotes: 0
Views: 127
Answers (2)
Reputation: 11
I've been using Convox for a while and I would say that it is enough to manage your secrets. Given it is an open-source tool(https://github.com/convox/convox) they are pretty transparent with how they manage everything inside your cluster.
Upvotes: 1
Reputation: 46
Convox recommends the standard pattern of injecting secrets into your services through env variables. If you dig in, the variables are stored very securely. v2 Racks (built on ECS) will use AWS KMS to store encryption keys and everything is stored encrypted on S3. v3 Racks (built on EKS/GKE/AKS/etc) will use Kubernetes' built-in Secrets to store your variables securely inside the cluster.
Most users seem to get on fine just with that! You can integrate with another external tool if you want and inject your variables through the Convox CLI (convox env set and convox env edit being a couple of appropriate commands).
Upvotes: 2
Related Questions
- Parsing secrets from AWS secrets manager using AWS cli
- Using AWS Secrets Manager with Python (Lambda Console)
- Secrets Rotation using AWS Lambda and the AWS SDK for Java
- Alternatives of/Configuring AWS secrets manager
- AWS Secret Manager Update
- How do I deploy my AWS Secret Manager retrieval code in production with AWS CLI?
- How to manage AWS Secret Keys for local development
- AWS Secret Manager best Practice
- AWS and secrets (Systems Manager, Secrets Manager, Key Management Service)
- Storing secrets in AWS Lambda package