Sealed secrets seem to be much easier to set up and use than SOPS, at least for the homelab use case?
@thibaultamartin I’m pretty happy with external secrets operator + 1password integration. They also have integrations with a ton of other providers if 1password isn’t your thing.
I used to use git-crypt and was always paranoid about accidentally committing an unencrypted password. Maybe sealed secrets/SOPS make that harder to do?
@thibaultamartin Mhm, not sure I would go down any bitnami routes these days :X
@thibaultamartin I use it in homelab, also used it in production for a client (well, it was just for some "bootstrap" secrets, the rest was using External Secrets): works well.
Don't forget to securely and regularly back up the key(s) (as it rotates monthly), rotate the secrets sometimes and you should be fine.
@OatPotato yea I plan to use velero to back up my etcd, so the privkey should be backed up. Of course this will undergo proper testing before being rolled out in production :)
@thibaultamartin Having bashed my head against – and eventually managed to make work – sops-nix, please say it ain't so.