#Lab: Secret Management
Implement secure secret management.
#🎯 Objectives
- Store secrets securely
- Use environment-based secrets
- Integrate with application
#Task 1: HashiCorp Vault (dev mode)
bash
1# Run Vault in dev mode
2docker run -d \
3 --name vault \
4 -p 8200:8200 \
5 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' \
6 hashicorp/vault
7
8# Configure
9export VAULT_ADDR='http://127.0.0.1:8200'
10export VAULT_TOKEN='myroot'
11
12# Store secret
13vault kv put secret/myapp db_password=supersecret
14
15# Read secret
16vault kv get secret/myapp#Task 2: SOPS Encryption
bash
1# Install SOPS and AGE
2brew install sops age
3
4# Generate key
5age-keygen -o key.txt
6
7# Create secrets file
8cat > secrets.yaml << EOF
9database:
10 password: supersecret
11api:
12 key: myapikey
13EOF
14
15# Encrypt
16SOPS_AGE_KEY_FILE=key.txt sops -e secrets.yaml > secrets.enc.yaml#✅ Success Criteria
- Vault stores and retrieves secrets
- SOPS encrypts files
- No plaintext secrets in code