Secrets

If you read my previous post introducing Spelunk, you already know: fetching secret from any source should be easy, especially for your users. Reading them from HashiCorp Vault, Kubernetes or whatever should be easy to. If they where JSON objects, extracting specific fields should be easy. Switching between a secret providers should (repeat with me!) easy! Well, since the initial announcement, my pickaxe has been swinging non-stop in the Spelunk caves, and I unearthed two updates: v1.2.0 and v1.3.0! 🎉 ...

If your Team, Organization or Company is serious about where to keep credentials used by services (or to interact with them), they are likely in Kubernetes Secrets, Hashicorp Vault, one of the various cloud-based Secrets Managers, 1Password, etc. Then, when running locally, they might be in your Environment Variables, in a .env, in a file or just in plaintext in a script (naughty!). This might lead to services and tools written to deal with those different “secret provision scenarios”. Or tricky/brittle local setups. ...