I am looking for a way to provide secrets to a container running on Google Cloud Run responding to the following criteria:
- secure
- centralized & pull-based
- free
- simple
- working with a team, with various trust scopes
- host-agnostic: changing 1 config will be the same on AWS, GCP, Azure
When starting a new project with containers, I always come to the point where I need to manage secrets, and I often find it difficult. My current solution is to store my secrets encrypted on a public git repository, and decrypt them inside the container, in the entry point script.
But I don't like so much installing gpg along with Django and its dependencies. I am now thinking of running another container on the same network, whose sole responsibility will be serving the config to the first container.
Is it secure? Is there a better way?
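As an added illustration (not code from the question or from any Cloud Run project) of what the "config sidecar" idea needs before it is defensible: the serving container binds only to an address the app container can reach through a shared network namespace, and it rejects any request without a shared bearer token. The secret values, the token hand-off via environment variable, and the port are constructed assumptions.

```python
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample secrets; in practice the sidecar would load these from an
# encrypted file or a mounted volume rather than a literal.
SECRETS = {"DJANGO_SECRET_KEY": "constructed-example-key", "DB_PASSWORD": "constructed-db-pass"}
# Shared token minted at start-up; the app container receives it out of band
# (assumption: an environment variable set by the orchestrator), never over the wire.
SIDECAR_TOKEN = secrets.token_urlsafe(32)


class SecretsHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        presented = self.headers.get("Authorization", "")
        # Constant-time comparison so a wrong token leaks nothing via timing.
        if not secrets.compare_digest(presented, f"Bearer {SIDECAR_TOKEN}"):
            self.send_response(401)
            self.end_headers()
            return
        body = json.dumps(SECRETS).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep request lines (and any token) out of stdout logs
        pass


def start_sidecar(host="127.0.0.1", port=0):
    """Serve on loopback: only a container sharing the network namespace can reach it.
    Returns the bound port (0 = pick a free one)."""
    server = HTTPServer((host, port), SecretsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_port


def fetch_secrets(port, token, host="127.0.0.1"):
    """What the app container's entry point would do; None means the token was rejected."""
    req = urllib.request.Request(f"http://{host}:{port}/", headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 401:
            return None
        raise
```

On a plain bridge network, where the two containers do not share a namespace, loopback is unreachable and the token plus a network policy restricting who can reach the sidecar's port is all that stands between the secrets and every other container on that network.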