Had a need to manage secrets and access them in a number of different applications (edge, portal, backend) and contexts (development, deployment).
One solution:
- put your secrets in a repo named `secrets` and encrypt with Ansible Vault
- add the `secrets` repo as a submodule to all the repos that need access to credentials.
This keeps unencrypted credentials out of your Git repos and allows you to have one place and one mechanism to store and retrieve secrets. Submodules work well as they can easily extend an existing Git repo.
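The setup only keeps plaintext out of Git if every file committed to `secrets` is actually Vault ciphertext. The following check for that is an added example, not part of the original post. It relies on the `$ANSIBLE_VAULT;` header line that `ansible-vault encrypt` writes. The function names and the `PLAINTEXT_OK` allowlist are hypothetical.

```shell
#!/bin/sh
# Guard for the `secrets` repo: report any file that is not Ansible Vault ciphertext.
# Vault-encrypted files begin with a header line such as "$ANSIBLE_VAULT;1.1;AES256".

# Assumption: file names that are allowed to stay in plaintext.
PLAINTEXT_OK='README.md .gitignore'

is_vault_file() {
    # Look only at the first line; reset the variable so an unreadable
    # file cannot inherit the header of the previous one.
    _first=''
    IFS= read -r _first < "$1" || [ -n "$_first" ] || return 1
    case "$_first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

find_unencrypted() {
    # $1 = path to the secrets checkout. Prints offending paths relative to it.
    # `.git` is skipped whether it is a directory (clone) or a file (submodule).
    _root=${1%/}
    find "$_root" -name .git -prune -o -type f -print | while IFS= read -r f; do
        case " $PLAINTEXT_OK " in *" ${f##*/} "*) continue ;; esac
        is_vault_file "$f" || printf '%s\n' "${f#"$_root"/}"
    done
}

check_secrets_repo() {
    # Fail closed: a missing directory is an error, not an empty (clean) result.
    [ -d "$1" ] || { printf 'no such directory: %s\n' "$1" >&2; return 2; }
    _offenders=$(find_unencrypted "$1")
    if [ -n "$_offenders" ]; then
        printf 'plaintext files in secrets repo:\n%s\n' "$_offenders" >&2
        return 1
    fi
    return 0
}

# Usage, e.g. from .git/hooks/pre-commit in the secrets repo or from CI:
#   check_secrets_repo . || exit 1
```

Run it in the `secrets` repo itself, and optionally against the submodule path in each consuming repo's CI.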