Secrets Made My Life Miserable - Consume Secrets Easily With Teller
Vložit
- čas přidán 31. 05. 2024
- Secrets were making my life miserable... until now.
Consume secrets with the CNCF project Teller.
#cncf #secrets #teller
Consider joining the channel: / devopstoolkit
▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
➡ Gist with the commands: gist.github.com/vfarcic/42d96...
🔗 Teller: tlr.dev
🎬 Manage Kubernetes Secrets With External Secrets Operator (ESO): • Manage Kubernetes Secr...
🎬 SchemaHero - Database Schema Migrations Inside Kubernetes: • SchemaHero - Database ...
🎬 How To Inspect, Plan, Migrate DB Schemas With Atlas: • How To Inspect, Plan, ...
▬▬▬▬▬▬ 💰 Sponsoships 💰 ▬▬▬▬▬▬
If you are interested in sponsoring this channel, please use calendly.com/vfarcic/meet to book a timeslot that suits you, and we'll go over the details. Or feel free to contact me over Twitter or LinkedIn (see below).
▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬
➡ Twitter: / vfarcic
➡ LinkedIn: / viktorfarcic
▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬
🎤 Podcast: www.devopsparadox.com/
💬 Live streams: / devopsparadox
▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Introduction to Secrets Consumption
02:40 Secrets From a Terminal With Teller
06:10 Secrets For App Development With Teller
08:28 Secrets For Docker With Teller
10:08 There's More To Teller...
12:21 Teller Pros And Cons - Věda a technologie
How do you consume secrets (excluding Kubernetes)?
I use Doppler. Doppler cli can inject secrets as ENV vars exactly like Teller.
github.com/helmfile/vals is pretty similar
I save them on a MicroSD card and gulp them down with a nice beer.
Jokes aside, I use bitwarden secrets manager because it is less complex and has far better pricing for a very small business like mine.
I'm interested in seeing the new way to manage DB schemas.
Thank you so much for your efforts.
🎉 thanks for the video, I'd also like to have a video about managing database schemas!
I have so many ideas! Thanks for sharing this.
This is revolutionary!!
Great tool thanks Victor since you are reviewing Teller for managing secrets can you please review Doppler?
Adding it to my to-do list... 🙂
thanks for sharing! great content as always
keep up the good work, may I ask which country are you from?
I was born in Serbia but I spent most of my life in Spain (barcelona).
What do you think about vals and vals-operator?
I haven't used it. Judging by a quick glance it seems it's similar to external secrets operator.
I've always taught that it's insecure to but password in ENV in a container....
If they retrieve access to your container, it's already too late. If it's available to your service, it's available to the intruder, no matter how you present it. Embedded, they can do a simple hex edit on the binary and extract the string value of the secret. ENV, they can pull it easily from there too. CLI flag... history will show it easily there too. Stored in memory? They simply sideload an app that will dump the memory and pull the values.
A secrets manager helps not just manage your secrets... but it's main purpose, besides a single resource for all your secrets, is to keep it out of repos and local dev environments but still accessible to your containers.
🧠
actually this is like another secret injector/fetcher like Vals if you use helmfile, but how if our application doesn't use env variable ? instead of using config file based on yaml file ? is it possible to do that ?
If you application is running in kubernetes, ESO is my choice. Teller is mostly for everything else, not a kubernetes operator.
@@DevOpsToolkit oh yeah you're right, I have read the official docs and teller just for cmd side which mean development activity
So you mean storing all your secrets in an unencrypted text file and copy/pasting everywhere isn't best practice?
Yeah. That is a common practice 🙂 it's just that i sometimes go against what others are doing 😄
He said docker containers!!!!