Immediately after switching the page, it will work with CSR.
Please reload your browser to see how it works.
My wants:
- Secrets not visible by inspecting process env vars (/proc/PID/environ).
- No secrets on disk (encrypted is fine).
In my day job, we use AWS SSM. It works great. For my home network, I just put secrets on my docker-compose.yaml. Obviously I shouldn't but I can't find a better solution.
Can someone link something that explains it like I have 20 years in IT but I'm clueless.
I can't get past the fact that a key has to exist somewhere, a key that will give you some sort of access to a secret. So how is it any better if the key already exists in the CI/CD pipeline variables?
Another thing I'm curious about is rotation, which on paper is amazing but in practice would require your vault to have sysadmin access to all your systems, in order to do rotation. It just seems like a tall order to integrate.