ARD04: Secrets Management

Status

Accepted

Context

We need a consistent, supported method for managing sensitive information needed to facilitate secure communications between deployed components.

Decision

Use 1Password.

Rationale

  • 1Password is a ubiquitous, trusted security credential management system.
  • It has well-documented and supported APIs and a CLI tool.
  • Tim and Renee have used it for years to manage their personal credentials; we are familiar with using it.
  • Both can read and maintain the ‘home lab’ related secrets and configuration choices stored in dedicated vaults.
  • The information can be retrieved programmatically during system build and recovery. Documentation can reference where the information lives.

Consequences

  • Credentials and configuration management information is stored in a central, secure location.