daytonaio / enterprise-docs

https://www.daytona.io/docs
Apache License 2.0

Integration with secrets management services (like Vault, etc.) #147

Open ivan-burazin opened 1 month ago

ivan-burazin commented 1 month ago

For larger teams and even individual developers, maintaining secrets is a serious challenge. We need a way to maintain consistency around sharing and rotating secrets across projects. Implementing integration with external secret managers (e.g. Doppler, Vault, etc.) in Daytona would allow developers to work in more secure dev environments.

ivan-burazin commented 1 month ago

@zzorica need you to write up this draft so @stefanicjuraj can create the finished version

zzorica commented 1 month ago

For example integration with Vault in a workspace:

  1. Install Vault binary in the workspace (or we preinstall it)

    wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
    sudo apt update && sudo apt install vault

  2. Set Vault address and token

    export VAULT_ADDR='http://your_vault_addr_here:8200'
    export VAULT_TOKEN='your_root_token_here'

  3. Try to retrieve a secret

    vault kv get secret/mysecret

Example for Doppler:

  1. Install Doppler binary

    sudo apt update && sudo apt install -y apt-transport-https ca-certificates curl gnupg
    curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | sudo gpg --dearmor -o /usr/share/keyrings/doppler-archive-keyring.gpg
    echo "deb [signed-by=/usr/share/keyrings/doppler-archive-keyring.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list
    sudo apt update && sudo apt install doppler

  2. Get service token - https://docs.doppler.com/docs/service-tokens

  3. Authentication by passing token from step 2.

    echo 'your_service_token_here' | doppler configure set token --scope /
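The steps above put the Vault address, the root token and the Doppler service token straight into `export` lines and an `echo`, which leaves them in shell history and, for a plain `http://` address, sends the token in clear text. The script below is an added example, not code from this issue or from Daytona: it wraps the same two flows (Vault `kv get`, Doppler `configure set token`) in a small workspace bootstrap that refuses a non-TLS Vault address, reads tokens from owner-only files instead of the command line, and feeds the Doppler token over stdin. The function names, the `VAULT_TOKEN_FILE` / `DOPPLER_TOKEN_FILE` / `RUN_WORKSPACE_BOOTSTRAP` variables and the sample token are assumptions made for the example; `~/.vault-token` is where the real `vault login` stores its token.

```shell
#!/bin/sh
# Added example (not from the issue or Daytona): a workspace bootstrap that checks
# the Vault/Doppler settings before using them and keeps tokens out of shell history.
# Function names and the *_TOKEN_FILE / RUN_WORKSPACE_BOOTSTRAP variables are
# assumptions for this example; vault and doppler are the real CLIs.
set -u

# check_vault_addr ADDR: 0 if ADDR is https:// (or a loopback http:// dev server),
# 1 otherwise. A plain http:// address to a remote host would send VAULT_TOKEN in
# clear text on every request.
check_vault_addr() {
  case "$1" in
    https://*) return 0 ;;
    http://127.0.0.1:*|http://127.0.0.1|http://localhost:*|http://localhost) return 0 ;;
    *) echo "refusing non-TLS Vault address: '$1'" >&2; return 1 ;;
  esac
}

# read_token_file FILE: print the token stored in FILE, but only when the file is
# readable by its owner alone (mode 600 or 400), so a token dropped into the
# workspace as a world-readable file is rejected instead of silently used.
read_token_file() {
  f="$1"
  [ -f "$f" ] || { echo "token file missing: $f" >&2; return 1; }
  perms=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")   # GNU stat, then BSD stat
  case "$perms" in
    600|400) ;;
    *) echo "token file $f has mode $perms, expected 600 or 400" >&2; return 1 ;;
  esac
  tr -d '\n' < "$f"
}

# with_token_from_file FILE CMD...: pipe the token into CMD on stdin. This is the
# shape the Doppler step needs, without the token appearing in argv, `ps` output
# or the shell history the way `echo 'token' | doppler ...` does.
with_token_from_file() {
  f="$1"; shift
  tok=$(read_token_file "$f") || return 1
  printf '%s\n' "$tok" | "$@"
}

# load_vault_secret PATH FIELD VAR: export VAR with FIELD of the KV secret at PATH,
# using the vault CLI's -field flag so only that one value reaches the shell.
load_vault_secret() {
  value=$(vault kv get -field="$2" "$1") || return 1
  export "$3=$value"
}

main() {
  check_vault_addr "${VAULT_ADDR:-}" || return 1
  VAULT_TOKEN=$(read_token_file "${VAULT_TOKEN_FILE:-$HOME/.vault-token}") || return 1
  export VAULT_TOKEN
  load_vault_secret secret/mysecret password DB_PASSWORD || return 1
  with_token_from_file "${DOPPLER_TOKEN_FILE:-$HOME/.doppler-token}" \
    doppler configure set token --scope / || return 1
}

# Only run the bootstrap when explicitly asked, so the file can also be sourced.
if [ "${RUN_WORKSPACE_BOOTSTRAP:-0}" = 1 ]; then main; fi
```

Run it with `RUN_WORKSPACE_BOOTSTRAP=1 VAULT_ADDR=https://vault.example.internal:8200 sh bootstrap.sh` after placing the tokens in `~/.vault-token` and `~/.doppler-token` with `chmod 600`. The token for a workspace should be a short-lived, least-privilege token issued for that workspace rather than the root token shown in the issue; the mode check and the TLS check are cheap, and they catch the two most common ways a dev-environment secret leaks.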
ivan-burazin commented 1 month ago

@stefanicjuraj we need to put Secrets in the left hand menu.

Here is the first but there will be more.

So Secrets as main menu and then Vault, Doppler, etc. in the right hand menu.

Not sure where it fits so open to your suggestions

https://www.datocms-assets.com/2885/1534364757-vault-black-back.png