New ask Hacker News story: Ask HN: Why use secrets managers?
5 by boxysean | 0 comments on Hacker News.
I've come across a number of people recently who insist on storing their secrets (e.g., passwords, private keys, credentials) in a secrets manager such as HashiCorp Vault or AWS Secrets Manager. Intuitively, I believe this is a good idea, but I would like to understand it better.

Is this a new phenomenon, or something that’s been desirable in software since the advent of the industry? Where is this narrative coming from?

Is this idea driven by security? Has it been proven to be a safer paradigm than storing keys in a variety of systems?

Is the idea driven by management? Do folks charged with managing keys prefer to keep all of their keys under one roof so it's easier to keep tabs on, thereby reducing risk?

Is this idea driven by policy? Do GDPR or other mandatory or optional regulatory frameworks imply a customer should control their secrets centrally?

Is the idea driven by sales? Do Azure, GCP, AWS, and HashiCorp all have products that they earn additional $$$ with (pay-per-access and update), and are pushing their customers to use them?

I'm curious to hear what others think or know. Thanks!