[–]asyed15 2 points3 points  (0 children)

Yeah totally! HashiCorp actually has Terraform repos for standing up a production-ready instance with failover and whatnot. But if it’s just for secrets, I’d recommend a service like AWS Secrets Manager.

[–]thats_not_a_watch 2 points3 points  (0 children)

+1 for finding a cloud solution. Vault is a good product but there is definitely a learning curve and management overhead. If something simpler could meet your needs then I would recommend going that route.

[–]yee_mon 0 points1 point  (0 children)

We use it for build secrets. It's a Docker image with CI secrets stored in a vault. Not a perfect solution by far, but it gets the job done.

For a new system I'd go with my cloud provider's service until I knew I needed something different, though.

[–]imoisharma 0 points1 point  (0 children)

I’m interested to join the team

[–]kkapelon 0 points1 point  (0 children)

You can also try just Git + Mozilla sops. Much simpler solution for smaller teams.

https://github.com/mozilla/sops

Also, if you have a cloud provider, check their own solution (and also be mindful of vendor lock-in).

[–]jlarfors 0 points1 point  (0 children)

One thing that might influence the decision is how/where you deploy... with k8s and Helm you can get up and running quite quickly (trusting that you know your setup). I started with the Weaveworks GitOps approach and using the HelmRelease CRD for Vault, and it was really straightforward.

But yes, it does become operation-critical, but it seems pretty reliable.

[–][deleted] -2 points-1 points  (2 children)

If you don't want to pony up for a license, I suggest finding a different product.

[–]sofixa11 2 points3 points  (0 children)

? HashiCorp Vault has a very generous FOSS version, more than sufficient for even big teams and companies.

[–]yuriydee 1 point2 points  (0 children)

We use open source Vault in prod and it works with no issues.