AIO Secrets Strategy #461
Labels
No labels
ansible
bug
docker
duplicate
enhancement
help wanted
invalid
kubernetes
opentofu
packer
question
renovate
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: mafyuh/iac#461
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently secrets are all over the place. I refuse to push even encrypted secrets to Git.
.env
terraform.tfvars
Want to use Bitwarden Secrets as the main source and have all things pull from here.
OpenTofu
Can use something like bws-cache to lookup by secret name and not ID, similar to this script and calling them like this
Forgejo (workflows)
Already "done" as shown here, but need to improve, have to manually map the ID's to names still
Docker Hosts
Going to have to get creative, but probably can utilize bws-cache and export them either to system or to the right .env file, maybe even switch from Docker Compose to using Tofu to deploy the docker containers to utilize Tofu's secret management
Packer
TBD
Kubernetes
TBD