I am using convox to store secrets, it seems it uses env variables to do that and I am not sure if tha is enough of I need to evaluate another tool such aws or vault
do you have thought about Convox secret management? any recommendation? any other tool?
Convox recommends the standard pattern of injecting secrets into your services through env variables. If you dig in, the variables are stored very securely. v2 Racks (built on ECS) will use AWS KMS to store encryption keys and everything is stored encrypted on S3. v3 Racks (built on EKS/GKE/AKS/etc) will use Kubernetes' built-in Secrets to store your variables securely inside the cluster.
Most users seem to get on fine just with that! You can integrate with another external tool if you want and inject your variables through the Convox CLI (
convox env set
andconvox env edit
being a couple of appropriate commands).