A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Lately, I've been thinking of implementing a secrets management system such as Infiscal, etc. Does anyone use this or something similar like Hashicorp?
How hard would it be to deploy on a pre-existing set up? How does that work? Do you call the required secret in your Docker compose? What makes a secret manager more secure than pulling secrets from an .env file?
Which secret manager is the most popular/better among selfhosters?
I think it's overkill for homelab and over complex/additional failure points.
I use sops encrypted, published in my public git. When I apply my nix config, they are pulled and unencrypted on apply on the local machine.
Keeps it as simple as I can think of, with few moving parts.
How about a remote VPS?
Depends on the circumstances tbh. Things like sops do load the secret unencrypted on the machine (with perms but still unencrypted. For remote VPS encrypted at rest is probably better. K8S has secret management but there unencrypted too.
Another alternative could be using Doppler secrets managment platform, I used it for a while