Closed: esune closed this issue 6 months ago
FYI @WadeBarnes @i5okie
Platform services host instances of HashiCorp Vault and Argo CD. The plan so far is to at least use HashiCorp Vault to provide better secrets management and open the door to automated key/password rotation for our services. This allows machine-managed access to services. For example, if we use these features on a Postgres database, a developer would have to be granted permissions to get a temporal password to access the system. We are also looking into using 1Password Secrets Automation to integrate with Vault to provide better secrets management from a team perspective, allowing credentials to be updated in 1Password and automatically distributed to our various environments and platforms.
Assigned to @i5okie
Closing this as we're addressing in https://github.com/bcgov/DITP-DevOps/issues/158
Evaluate options for more efficient secret management in our Helm Charts (currently Traction and VC-AuthN).
Some of the options to evaluate are:
Things to consider when evaluating:
Acceptance Criteria: Document (as part of this issue, or HackMD) the pros/cons of the above options (and potentially others not listed) so that a recommendation on what the next steps should be can be made.