Hey guys, wanted to get your take on best practice to manage secrets management securely and operationally easy. We currently have a b2b product where…
- each client is single tenant (has a set of ~100 configuration variables for their environment)
- we use 1password and keyvault to store secrets, and have a local script to update keyvault with the latest config on 1pass
- helm charts, Kubernetes CSI secrets store (for KV → secrets pull per pod spin up)
- with more clients, updating secrets globally across all clients is getting more untenanble
Are there secure solutions out there that would make our lives easier? (i.e. secrets update across all client secretsclient1/secret1
,client2/secret1
without having to propagate it everywhere manually). Writing more scripts could work, but we’d prefer to learn the best practice. Preferably within Azure / Hashicorp land to keep our SBOM small.