SecretSpec: Declarative Secrets Management
9 months ago
- #secrets-management
- #devops
- #security
- Announcing SecretSpec for declarative secrets management, addressing issues with .env files.
- Problems with .env files: unclear parsing, manual password manager integration, vendor lock-in, and no encryption.
- Existing solutions like dotenvx or sops introduce challenges such as single-key management and trust issues.
- Larger teams use complex solutions like OpenBao, while smaller teams lack suitable options.
- SecretSpec separates concerns into WHAT (secrets needed), HOW (requirements), and WHERE (storage).
- Example usage: developers can use different providers (Keychain, GNOME Keyring, .env files) without code changes.
- Integration examples are provided for local development, CI/CD (GitHub Actions), and production (Fly.io).
- The Rust SDK offers type-safe access to secrets, with compile-time guarantees and handling of optional secrets.
- Future plans include SDKs for other languages (Python, JavaScript, Go) and additional features.
- The announcement encourages community feedback via Discord or GitHub to improve secret management practices.