• RandomDevOpsDude@programming.devM
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 个月前

    I prefer Sealed Secrets over sops since it has the namespace scoping element and can also be stored in repo (once encrypted). I also generally prefer having a controller deployed rather than forcing devs to learn kustomize (which we don’t widely use yet) so I guess less of a support burden for me.

    • z3r0@lemmy.zip
      link
      fedilink
      arrow-up
      2
      ·
      9 个月前

      I understand your point. Anyway, if your devs are using Helm they can still use Sops with the helm-secrets plugin. Just create a separated values file (can be named as secrets.yaml) contaning all sensitive values and encrypt it with Sops.

      • RandomDevOpsDude@programming.devM
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 个月前

        Thanks for sharing! I definitely hadn’t seen that plugin. We definitely use helm, even though I hate it lol. I will take a look when I get around to looking at external secrets since I still haven’t had a chance to (you know how it goes… priorities made up by some random PM or whatever)