Handling secrets for applications in Platon PaaS
Many applications need access to secrets such as passwords and cryptographic keys. There are several ways of handling this in Platon PaaS, with varying degrees of complexity.
Basic Alternatives
- Creating a secret with kubectl
  - This is a manual operation, but a simple way to do it.
- Fetching secrets from Vault in GitLab CI/CD
  - Fetching secrets from Vault and using them in a GitLab CI/CD pipeline with the GitLab Vault integration.
Advanced alternatives
- Using the Vault Agent
  - Using the Vault Agent as an init/sidecar. This allows for features like templating and refreshing secrets.
- kdk
  - A Python-based deployment method which has functionality for fetching secrets from Vault. See also hello-world-kdk.
See also
- Our Vault documentation for an overview of Vault and more information on how to use it for different use cases.