Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello, in our application, kratos is deployed using <https://k8s.ory.sh/helm/kratos.html|helm charts> under kubernetes. Currently the environment settings like DSN,  which has DB username and password, is passed using <https://kubernetes.io/docs/concepts/configuration/secret/|k8s secrets>. Since the secrets are storing as base64 encoded, it remains less secured, is there any way to pass sensitive environment data securely to kratos? Please share your thoughts.

<@U01S47T23PE> We store our secrets in Hashicorp Vault and deploy Kratos using Terraform (with the <https://registry.terraform.io/providers/hashicorp/helm/latest|helm module>) and retrieve the secret in Terraform using the <https://registry.terraform.io/providers/hashicorp/vault/latest/docs|vault module> with a vault-token that has limited access policies.

Thanks <@U01QRLJQM1N>, I will give it a try with key vault and see.