How to store and retrieve my secrets in a linux server?
How to store and retrieve my secrets in a linux server?
All guides to deploy using docker mention typing your keys/credentials/secrets into the docker compose file, or use a .env or similar file, I'm wondering how secure is this and if there's a better option.
Also, this has the issue of having to get into the server to manage them, remembering which file has each credential.
Is there a selfhostable secrets manager? I've only found proprietary/paid ones for large infrastructures and I just need it for a couple of my servers/projects.
There’s also Infisical if you don’t want to run Vault
https://github.com/Infisical/infisical
I personally use Ansible to deploy my .env files to my Docker host. The .env files are encrypted in Ansible Vault and deployed to the server as chmod 400 so only I can access them.
8+1 for Ansible Vault
1
Perhaps look into hashicorp vault
7seconded for hashicorp, you can do secrets and env vars while cutting your teeth but you should be on a path to learning and setting up secure secrets vaults.
4I wish there was something between hashicorp vault and keepass. I want a nice simple UI that even my family could use with Terraform integration. Anyone know of such a program?
1
The suggestions here are good for production. Over used aws secret manager and hashicorp vault before and both did everything we needed.
I find they're too much firepower for selfhosted, and prefer pass
Simple commandline tool, backed by a gpg encrypted git repo. Perfect for small use cases!
2