devops python

Secret stores

Marcelino Veloso III

There appears to be a growing body of services/practices to help devs manage secrets and inject them into software.

As of now I'm aware of:

  1. Bitwarden Secrets Manager
  2. AWS Secrets Manager
  3. 1Password Secrets Automation
  4. HashiCorp Vault
  5. Passbolt
  6. Dotenv Vault
  7. Cloudflare Secrets Store

It'll be interesting to see which system emerges as the de facto method for storing, retrieving, and injecting secrets.

Consider, for instance, the level of ubiquity enjoyed by AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with boto3. Cloudflare R2, its attempt to compete with Amazon's S3, partially implements the S3 API using these same variable names.

1Password's local op:// convention appears to be unique in that it relies on a more robust initialization step: configuring a secret the same way you would manage a password before using it.
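To make the contrast between the two conventions concrete, here is an added example (not from the original post or from 1Password) that audits an env file: variables holding an `op://` reference are parsed, while credential-looking names such as AWS_SECRET_ACCESS_KEY that hold a literal value are flagged. It assumes the reference layout `op://vault/item/[section/]field`; the `SENSITIVE` name heuristic, the function names and the sample file are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed reference layout: op://<vault>/<item>/[<section>/]<field>
OP_REF = re.compile(r"^op://([^/]+)/([^/]+)/(?:([^/]+)/)?([^/?]+)(?:\?.*)?$")
# Hypothetical heuristic for variable names that usually hold credentials.
SENSITIVE = re.compile(r"(SECRET|TOKEN|PASSWORD|ACCESS_KEY)", re.I)

class SecretRef(NamedTuple):
    vault: str
    item: str
    section: Optional[str]
    field: str

def parse_ref(value: str) -> Optional[SecretRef]:
    """Return the parsed reference, or None if value is not a valid op:// reference."""
    m = OP_REF.match(value.strip().strip("\"'"))
    return SecretRef(*m.groups()) if m else None

def audit_env(text: str) -> dict:
    """Classify each NAME=value line as a reference, a harmless literal, or a finding."""
    report = {"references": {}, "literals": [], "findings": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        ref = parse_ref(value)
        if ref:
            report["references"][name] = ref
        elif value.startswith("op://"):
            report["findings"].append((lineno, name, "malformed op:// reference"))
        elif SENSITIVE.search(name) and value:
            report["findings"].append((lineno, name, "literal secret in file"))
        else:
            report["literals"].append(name)
    return report

# Constructed sample input; the vault, item and key values are made up.
SAMPLE = """\
# app.env
AWS_ACCESS_KEY_ID=op://dev/aws-r2/access_key_id
AWS_SECRET_ACCESS_KEY=EXAMPLEonlyNOTaREALkey0000000000000000000
DB_PASSWORD="op://dev/postgres/admin/password"
API_TOKEN=op://dev/broken
AWS_DEFAULT_REGION=auto
"""
```

A file that passes this audit with no findings contains only references and non-sensitive settings, so it can be committed without exposing the credentials themselves.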