I am using convox to store secrets, it seems it uses env variables to do that and I am not sure if tha is enough of I need to evaluate another tool such aws or vault
do you have thought about Convox secret management? any recommendation? any other tool?
On
I've been using Convox for a while and I would say that it is enough to manage your secrets. Given it is an open-source tool(https://github.com/convox/convox) they are pretty transparent with how they manage everything inside your cluster.
Convox recommends the standard pattern of injecting secrets into your services through env variables. If you dig in, the variables are stored very securely. v2 Racks (built on ECS) will use AWS KMS to store encryption keys and everything is stored encrypted on S3. v3 Racks (built on EKS/GKE/AKS/etc) will use Kubernetes' built-in Secrets to store your variables securely inside the cluster.
Most users seem to get on fine just with that! You can integrate with another external tool if you want and inject your variables through the Convox CLI (
convox env setandconvox env editbeing a couple of appropriate commands).