Closed: guidowb closed this issue 6 years ago
We could use the environment file we give to docker-bosh jobs for this (template tile_generator/templates/jobs/opsmgr.env.erb). It has all the environment variables in it, in name=value form with no escaping so would be easy to parse in an app.
We can pass all jobs an environment variable with a pointer to this file, say OPSMGR_ENV_FILE, and then we can add a flag to tile.yml to suppress passing the (potentially secret) environment variables in, say opsmgr-env-vars: false.
Even if we have a secrets file for these environment variables, credentials for bound services are still in the app's environment. We recommend careful org/space management to avoid secrets getting into the wrong hands.
Many are uncomfortable with having secrets passed in environment variables. A better way (maybe for all properties) would be to write them into a bosh-deployed secrets file, whose path is then passed to the application in an environment variable.
We'll have to maintain backward compatibility for applications that expect them in the environment.
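The app side of the proposal above, as an added example that is not code from tile-generator or from anyone in this thread: it reads the name=value file named by OPSMGR_ENV_FILE and falls back to the plain environment for backward compatibility. The function names, the sample values and the file-permission check are assumptions made for the example.

```python
import os
import stat

ENV_FILE_VAR = "OPSMGR_ENV_FILE"  # variable name proposed in the thread

# Constructed sample of the name=value format (no quoting, no escaping).
SAMPLE = "DB_USER=svc\nDB_URL=postgres://svc:s3cr3t@db/app?sslmode=require\nEMPTY=\n"


def parse_env_file(text):
    """Parse name=value lines; split on the first '=' only, keep the value verbatim."""
    values = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines
        name, sep, value = line.partition("=")
        if not sep or not name:
            # Report the line number only, never the content: it may hold a secret.
            raise ValueError(f"line {lineno}: expected name=value")
        values[name] = value  # may itself contain '=', '#', quotes or spaces
    return values


def load_settings(environ=os.environ):
    """Return settings, preferring the secrets file over inherited variables."""
    path = environ.get(ENV_FILE_VAR)
    if not path:
        # Backward-compatible mode: everything is still in the environment.
        return dict(environ)
    mode = os.stat(path).st_mode
    # Assumed hardening: refuse a secrets file that group or other can access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: accessible to group/other, refusing to load")
    with open(path, encoding="utf-8") as fh:
        merged = dict(environ)
        merged.update(parse_env_file(fh.read()))  # file wins over the environment
    return merged


if __name__ == "__main__":
    # Print names only; values stay out of logs.
    print(sorted(parse_env_file(SAMPLE)))
```

Because the format has no escaping, a value that contains a newline cannot be represented and would be rejected or split by this parser.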