The disadvantage to GitLab is to get the feature mentioned is you need to pay for the premium version. We host it ourselves and looking to buy the Enterprise version to get us the vault integrations (specifically AKV)
replyAhh, yup! The RunSecret CLI is completely free and open source.
replyAzure KeyVault support is in progress and should land soon. I will notate it in the release changelog once it’s ready, but I’m also happy to reply here or let you know another way if you are interested!
Will monitor your progress
replyAlso be interesting to see what trufflehog finds (should be false positive)
https://github.com/trufflesecurity/trufflehog
Where are you storing the creds to get the secret from the vault?
This is the secret zero problem and other platforms solve it in other ways such as HSM
Yea that is a hard problem to solve. Right now RunSecret depends on the host system (your laptop, CI runner, or application container) having access to the secret vault(s) of choice that you reference. This can be through ENV VARS, OIDC, or IAM roles (in some cases) but currently there is no HSM support.
replyNo worries, interesting way to solve this problem!
reply