Closed mmorejon closed 1 year ago
+1 for the above and any patterns/best practice vis-a-vis the likes of SOPS, HashiCorp Vault, etc.
This topic will be covered by the @open-gitops/gitops-security content subgroup. If anyone wants to join and help, check out issue #128 to volunteer.
The management of sensitive information and its storage in version control systems such as Git involves additional complexity to avoid this data being in plain text.
Currently there are multiple systems whose mission is to cover this need, but the decision is not easy, there are differences depending on the platform used, storage costs, disaster recovery techniques, among other elements. I think it would be interesting and timely to identify how teams should approach this issue, such as: