inject secrets (API keys etc) into node js project

Question

I'm migrating a nodeJS project from GCP to DigitalOcean.

I'm running this nodeJS code on a kubernetes cluster in DigitalOcean. I'm using GitHub Actions to automatically build a docker image and deploy it to my kubernetes cluster. Everything works as expected, but I have a question.

On GCP, I used the secret manager to inject secrets (database credentials, API keys, ...) into my NodeJS project. I am looking for a similar solution on DigitalOcean. I have found SecretHub, it looks interesting but I'm unable to sign up.

I have found this from 1password connect, but it looks like I have to setup a server?

Does anyone know some interesting tool or trick to secure inject secrets into my nodejs code?

Answer 1

Yes, you can check out the Hashi corp vault which is mainly used with Kubernetes as a secret solution to inject the configuration and variables to the deployment of Kubernetes.

It's easy to set up and integrate with Kubernetes.

Hashi corp vault : https://www.hashicorp.com/products/vault

Enterprise version is paid one however you can open-source version which will solve your all needs with UI and login panel, you can use it for Production purpose it's safe, secure, and easy to integrate.

You can run one simple POD(deployment) on the Kubernetes server.

here you can follow the demo with minikube setup: https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube?in=vault/kubernetes