I am doubling a little bit as a DevOps in the company where I am now. Recently I showed them the 12 factor app standard, that specifies you should not have your ENV, config and passwords inside your git repository together with your project - you should store them in a safe place instead.
After some research we came across Vault however our team manager now thinks this is quite overkill and will soon become a monster.
Torus seemed a good alternative but the install page doesn’t even work, will be payed and it looks like it only runs for Node.
I also read this discussion but there is no definitive answer:
- What tools do you use to store your secrets?
- How do you your apps access them?