Lately, I’ve been thinking of implementing a secrets management system such as Infisical, etc. Does anyone use this or something similar like HashiCorp?

How hard would it be to deploy on a pre-existing setup? How does that work? Do you call the required secret in your Docker Compose? What makes a secret manager more secure than pulling secrets from a .env file?

Which secret manager is the most popular/better among selfhosters?

  • @truxnell@aussie.zone

    I think it’s overkill for homelab and over complex/additional failure points.

    I use sops encrypted, published in my public git. When I apply my nix config, they are pulled and unencrypted on apply on the local machine.

    Keeps it as simple as I can think of, with few moving parts.

    • irmadladOP

      I think it’s overkill for homelab

      How about a remote VPS?