Integration with secrets management services (like Vault, etc.) #147

Open
ivan-burazin opened this issue Sep 30, 2024 · 3 comments · May be fixed by #158

@ivan-burazin
Member

For larger teams and even individual developers, maintaining secrets is a serious challenge. We need a way to maintain consistency around sharing and rotating secrets across projects.
Implementing integration with external secret managers (e.g. Doppler, Vault, etc.) in Daytona would allow developers to work in more secure dev environments.

@ivan-burazin
Member Author

@zzorica need you to write up this draft so @stefanicjuraj can create the finished version

@zzorica

zzorica commented Oct 3, 2024

For example, integration with Vault in a workspace:

  1. Install Vault binary in the workspace (or we preinstall it)

```bash
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault
```

  2. Set Vault address and token

```bash
export VAULT_ADDR='http://your_vault_addr_here:8200'
export VAULT_TOKEN='your_root_token_here'
```

  3. Try to retrieve a secret

```bash
vault kv get secret/mysecret
```

Example for Doppler:

  1. Install Doppler binary

```bash
sudo apt update && sudo apt install -y apt-transport-https ca-certificates curl gnupg
curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | sudo gpg --dearmor -o /usr/share/keyrings/doppler-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/doppler-archive-keyring.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/doppler-cli.list
sudo apt update && sudo apt install doppler
```

  2. Get service token - https://docs.doppler.com/docs/service-tokens

  3. Authentication by passing token from step 2.

```bash
echo 'your_service_token_here' | doppler configure set token --scope /
```
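
Added example, not part of the comment above and not Daytona or HashiCorp code: a shell wrapper around the Vault steps that passes one secret to a single child process instead of leaving it in the workspace shell, and that checks `VAULT_ADDR` and `VAULT_TOKEN` first. The function names and exit codes are hypothetical; `vault kv get -field=` is the only Vault CLI call it relies on.

```bash
#!/usr/bin/env bash
# Added example; function names and exit codes are hypothetical, not a Daytona or Vault API.

# Accept https anywhere; allow plain http only for a loopback dev server,
# because the token travels with every request sent to VAULT_ADDR.
vault_addr_ok() {
  case "$1" in
    https://?*) return 0 ;;
    http://127.0.0.1|http://127.0.0.1:*|http://localhost|http://localhost:*) return 0 ;;
    *) return 1 ;;
  esac
}

# with_vault_secret VAR SECRET_PATH FIELD CMD [ARGS...]
# CMD must be an external program (it is exec'ed), not a shell function.
with_vault_secret() {
  if [ "$#" -lt 4 ]; then
    echo "usage: with_vault_secret VAR SECRET_PATH FIELD CMD [ARGS...]" >&2
    return 64
  fi
  local var="$1" secret_path="$2" field="$3" value
  shift 3
  case "$var" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name: $var" >&2; return 64 ;;
  esac
  if ! vault_addr_ok "${VAULT_ADDR:-}"; then
    echo "refusing VAULT_ADDR='${VAULT_ADDR:-}': use https (http only on loopback)" >&2
    return 65
  fi
  if [ -z "${VAULT_TOKEN:-}" ]; then
    echo "VAULT_TOKEN is not set" >&2
    return 66
  fi
  # -field prints only the requested value, with no table formatting.
  value=$(vault kv get -field="$field" "$secret_path") || {
    echo "could not read $field from $secret_path" >&2
    return 67
  }
  # Subshell + builtin export: the secret never appears in an argv (unlike
  # `env VAR=value cmd`) and never reaches the parent shell's environment.
  ( export "$var=$value"; exec "$@" )
}
```

Typical use is `with_vault_secret DB_PASSWORD secret/mysecret password ./run-migrations`, where the field name and the program are placeholders for whatever the workspace actually needs.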

@ivan-burazin
Member Author

@stefanicjuraj we need to put Secrets in the left hand menu.

Here is the first but there will be more.

So Secrets as main menu and then Vault, Doppler, etc. in the right hand menu.

Not sure where it fits so open to your suggestions

https://www.datocms-assets.com/2885/1534364757-vault-black-back.png

@stefanicjuraj stefanicjuraj linked a pull request Oct 5, 2024 that will close this issue