Open
Description
Looks like I can store & generate secrets in Vault, use terraform to read secrets from it as terraform variables, and dump it into a file (rather than an environment variable). This should work with docker-compose: dump secrets into respective .env files, and "mount" those .env files onto docker-compose to expose secrets with environment variables at the application level but not the system level (plus, this should also work with non-vault secrets like cloudflare).
https://registry.terraform.io/providers/hashicorp/vault/latest/docs
https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file
- How to "migrate" secrets, especially for mysql?
- How to store vault secret in the server? (chicken and egg problem)
- Where am I going to host Vault, how am I going to secure it?
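A sketch of the Vault-to-.env flow described in this issue, added here as an illustration and not taken from the repository. The KV v2 mount `secret`, the secret path `compose/app`, the variable `cloudflare_api_token` and the `env/app.env` output path are all assumptions; `local_sensitive_file` is the local provider's sibling of the linked `local_file` resource.

```hcl
terraform {
  required_providers {
    vault = { source = "hashicorp/vault" }
    local = { source = "hashicorp/local" }
  }
}

# Address and token are taken from VAULT_ADDR / VAULT_TOKEN in the shell
# that runs Terraform, so no credential is written into this file.
provider "vault" {}

# Assumed layout: KV v2 engine mounted at "secret", one secret per
# compose service, each key in the secret becoming one env variable.
data "vault_kv_secret_v2" "app" {
  mount = "secret"
  name  = "compose/app"
}

# Non-Vault secret (hypothetical name), supplied via TF_VAR_cloudflare_api_token.
variable "cloudflare_api_token" {
  type      = string
  sensitive = true
}

locals {
  # Merge Vault data with non-Vault secrets into one KEY=value map.
  app_env = merge(
    data.vault_kv_secret_v2.app.data,
    { CLOUDFLARE_API_TOKEN = var.cloudflare_api_token },
  )
}

# local_sensitive_file keeps the content out of plan/apply output.
# Caveat: the values are still stored in plaintext in the Terraform state,
# so the state backend needs the same protection as the .env file itself.
# Caveat: values containing newlines are not handled by this simple join.
resource "local_sensitive_file" "app_env" {
  filename             = "${path.module}/env/app.env"
  file_permission      = "0600" # readable by the owning user only
  directory_permission = "0700"
  content              = join("\n", concat([for k, v in local.app_env : "${k}=${v}"], [""]))
}

# docker-compose.yml side (assumed service name "app"):
#   services:
#     app:
#       env_file: ./env/app.env
```

The generated `env/` directory should be excluded from version control, and the account that runs `docker compose` must be the owner of the file for the `0600` mode to be usable.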