ARD04: Secrets Management
Status
Accepted
Context
We need a consistent, supported method for managing sensitive information needed to facilitate secure communications between deployed components.
Decision
Use 1Password.
Rationale
- 1Password is a ubiquitous, trusted, security credentials management system.
- It has well-documented, supported APIs and a CLI tool.
- Tim and Renee have used it for years to manage their personal credentials; we are familiar with using it.
- Both can read and maintain the ‘home lab’ related secrets and configuration choices stored in dedicated vaults.
- The information can be retrieved programmatically during system build and recovery. Documentation can reference where the information lives.
Consequences
- Credentials and configuration management information is stored in a central, secure location.