What is a simple and secure tool to manage secrets and credentials for a small startup? How do you do it? This is not a core of the business. It should be easy to use and configure so a paid service would also be good. Consider the the following typical situation: 1. Small startup with about 10 technical people. 2. One or two are responsible for the infrastructure in the cloud like AWS, Azure, … 3. There are also other third party services like Cloudflare, Datadog, … 4. Everything (AWS, Datadog, …) is managed with IaC tools like Terraform, Pulumi, (Ansible). These tools need secrets to work. The simplest way for giving the secrets to the tools is via environment variables or .env files. 5. People work on their own devices. So security cannot be absolutely guaranteed. So I guess MFA and generated temporary tokens should be used if possible. To generate temporary tokens the secrets management service has to work e.g. with AWS. 6. Optional: It would be good if Terraform can also be run in the CI/CD pipeline but only after confirmation of one of the 2 infrastructure persons. 7. Optional: It would be good if developers get credentials to setup small test environments in AWS. You can create IAM roles that only allow to create these, but you still have to manage the secrets for these. 8. Bonus: How to manage non-technical secrets, e.g. credentials for web shops to order supplies? Multiple people would have to order something. Store it all on a confluence page?
Story Published at: March 5, 2023 at 09:08PM
Story Published at: March 5, 2023 at 09:08PM