Docker shouldn't affect your secrets management because secrets shouldn't be bak... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		slow_donkey on June 3, 2018 \| parent \| context \| favorite \| on: Ask HN: What's your favorite way of getting a web ... Docker shouldn't affect your secrets management because secrets shouldn't be baked into your image anyways. I tend to expose them as environment vars and currently use Kubernetes to expose a keyvault url/password so the app can automatically grab all the secrets

jsmeaton on June 4, 2018 [–]

We manage them with env vars now. But we use salt (encrypted) to deploy a secrets file onto the server which is sourced before the app is started. With something like ECS I didn’t know if you could feed it an env file, and if you could, how you could make it available.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact