Swish talks to several services as of now (Mux, Algolia, GCS), and the number of tokens/keys/secrets it will have to keep track of will only grow as its feature set grows. Passing secrets in as non-source-controlled environment variables worked fine for development, but a full Secrets Management solution should be implemented during the transition to K8 deployment.
GitHub Actions in combination with GitHub managed secrets made for a satisfactory solution. I'll reopen this image if something more powerful (i.e. Vault) is needed in the future.
(From GitLab)