What's your workflow to pass cloud secrets/config metadata to apps safely?
I’ve been doing DevOps for about 9 years, and I keep seeing the same mess repeat itself:
- Terraform or Pulumi outputs → Vault/KMS → CI replaces values in YAML → K8s secrets operator injects env vars → app starts → DATABASE_PASSWORD typo, chaos ensues.
- Copy-pasted creds from Slack or Teams.
- Secrets/configs left in plaintext files or repos.
- Password managers with outdated entries that no one really trusts.
As a developer, what frustrates me most is the lack of predictability. Between Terraform, Vaults, pipelines, and operators, it’s often unclear who “owns” the truth — and every layer can quietly introduce drift.
So I’m curious:
- How are you handling that handoff today? - Are you still pushing everything through Vault + env vars, or have you built something cleaner? - What has actually worked for you in production — and what’s bitten you later?
Would love to hear some real war stories or simple patterns that actually hold up over time.
No comments yet.