Option 2: Vault is running in prod. The Dockerfile comes with a baked-in secret (or reads the secret from the VM/hardware) to query the user secret from Vault.
Option 3: The metal stores a secret key that is exposed to VMs. User secrets are stored encrypted per env in GitHub.
Option 4: Get the secret from a service.