https://www.ory.sh/ logo
m

many-potato-72695

02/03/2022, 10:27 PM
Hello, in our application, kratos is deployed using helm charts under kubernetes. Currently the environment settings like DSN, which has DB username and password, is passed using k8s secrets. Since the secrets are storing as base64 encoded, it remains less secured, is there any way to pass sensitive environment data securely to kratos? Please share your thoughts.
r

refined-iron-83200

02/04/2022, 5:53 PM
@User We store our secrets in Hashicorp Vault and deploy Kratos using Terraform (with the helm module) and retrieve the secret in Terraform using the vault module with a vault-token that has limited access policies.
m

many-potato-72695

02/04/2022, 7:46 PM
Thanks @User, I will give it a try with key vault and see.
2 Views