Secrets architecture

We’re currently exploring the usage of secrets-bridge with Vault. The advisable architecture can be found here.

Regarding this architecture we have a few questions:

  • should Vault be running:
    • in Rancher and if so:
      • should it be running on its own Rancher server;
      • can be run on the same one, but in another environment;
    • outside Rancher, in another managed environment;
  • should secrets-bridge be running:
    • on another environment, within the same Rancher server;
    • on its own Rancher server.

What is advisable and why?
