Hacker News | maidul's comments

Frankly, I think it will take years to replace API keys (if it will ever happen). Developers are much better off using CLI tools that prevent leaking secrets by blocking commits to git (e.g., https://github.com/Infisical/infisical or https://github.com/trufflesecurity/trufflehog)


I don't think those are mutually exclusive options :) Most developers, especially with lots of legacy apps, are better off using a secrets manager. But there is no reason to not push the boundaries of security for new software and onboard passwordless and secretless options.

P.S.

I tried Infisical a couple of months ago. I think if I was Hashicorp Vault team's PM, I'd be worried. Your team has done such a great job at U.X. I was astonished to see an early startup with such a great integration catalog. I think you aced it - modern developers are desperate for out of the box integrations with 100+ services they have to use every day.


Wow! Thank you, Alex. This feedback means a lot coming from you! We're huge fans of Teleport, and learned a lot from you as a fellow YC company :)


No problem! Keep it up with out of the box integrations, focus on U.X. and developer experience and I think you will be on track to become as big or bigger than Hashicorp :)


Thank you!


The Kubernetes integration allows you to periodically fetch secrets from an Infisical project and save them to a native Kubernetes secret. You simply specify the service token that should be used to retrieve the secrets from Infisical and the operator handles the rest. Read more about it here! https://infisical.com/docs/integrations/platforms/kubernetes


Thank you for the feedback. We are actually planning to have a second repo created that mirrors the main repo soon!


Yes, if you have integrations set up (Docker, Kubernetes, etc.), then those secrets in the store will be synced to the respective environment.


Thank you. I wasn't asking whether the product could do that through integrations but whether it operates insecurely by default.


Infisical is secure by default :)

It really depends on how you set it up. If you prefer, you can choose to split non-sensitive environment variables and sensitive secrets into different projects - and use them for different purposes / in different ways.


No, you seem to use the term "secure by default" in a different way than is expected by industry standards. Please re-align your view.


It very much sounds like security is an afterthought.

Seems cool if you need to sync env vars, but you should probably just be using battle-tested etcd+confd or consul+consul-template.

This product seems to be based on some incredibly misguided principles (from a security perspective). I don’t think a technology like this has any place in a modern enterprise.

Part of the whole point of using a secret manager is to avoid storing them in environment variables.

That coupled with the lack of an API and the use of MongoDB are just too many red flags for me to ignore.


Thanks - sometimes it is so helpful to see others publish your own thoughts. I was wondering why such a product is posted here.


Looks pretty neat. Always blown away by what people can do with CSS. Meanwhile I have to look up how to center a div vertically

