So I’m trying to figure out how to properly hide my application secrets once deployed in production and found out about Secret Management System and settled with HashiCorp Vault. I am able to successfully hide secrets and retrieve them using VaultSharp. Now my problem is the so called Secret Zero Challenge. My implementation will be all on premise, thus AWS and the like are out of scope. And I think Terraform with the help of Vault Agent might do the job? There’s a sample code from HashiCorp repo but I have no idea and haven’t found any comprehensive guides online on how to setup the Trusted Orchestrator and response wrapping that was mentioned from the sample code.
I am hosting my vault server in an Ubuntu Server and plans to deploy the application in a separate VM.
Thank you in advance.