We’ve been working with Balena for quite some time now and currently we are looking for a good option to share secrets like passwords, SSH private keys, SSL certificates, or another pieces of data between containers. With docker swarm there is the option of sharing secrets:
How could we achieve a similar thing with balena? I’ve looked at multiple options one that was particularly interesting is Vault by HashiCorp
I will have a closer look at Vault but it seems a bit overkill for our needs. Maybe we can strip it down to only expose the REST API.
We could maybe use keyring as well. But there we might have to write our own microservice.
What is your recommendation did anyone else come across this problem as well? How did you manage key rotation?
I am happy to hear about your solutions and we are willing to openly share what our conclusions are.