we starting to use the vault, but now we are stuck at a problem.
Our app using a API and the API needs a secret.
In our k8s- and gitlab-work it works very well, that we can inject the secret via vault.
But … how can we inject vault-secrets into a local environment?
We want something like this:
- DEV checking out project (which has none secrets)
- DEV starting the application (via Intellij)
- One component recognizes, that the secret is not there.
- The component open vault-login interface.
- DEV enters his data and the received token will be forwarded to the component.
- The component will extract all required information from vault and put it to the application (as file or environment-vars)
The process will ensure that,
- no secrets has to be in git-repo
- only authorized devs will get the secret
- rolling-updates of secrets are possible