
Has anyone built, or does anyone know of, a convenient secrets management/workflow for services deployed by systemd?

My wants:

- Secrets not visible by inspecting process env vars (/proc/PID/environ).

- No secrets on disk (encrypted is fine).




*Trigger warning: systemd*

systemd does that: SetCredentialEncrypted= https://www.freedesktop.org/software/systemd/man/latest/syst...

Provide a TPM-encrypted credential (made by systemd-cred) and it will be decrypted and placed in a memory-backed file within a private namespace mount.
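
The service side of the mechanism described in the reply above, as an added example that is not part of the thread or of systemd's own code: the unit receives only a directory path in `$CREDENTIALS_DIRECTORY`, and the process reads the decrypted file from there. The credential name `dbpass`, the `ExecStart` path and the permission check are assumptions made for illustration.

```python
# Unit side (constructed; "dbpass" and the ExecStart path are hypothetical):
#   [Service]
#   SetCredentialEncrypted=dbpass: <encrypted blob from systemd-creds encrypt>
#   ExecStart=/usr/bin/python3 /opt/app/main.py
import os
import stat
from pathlib import Path


class CredentialError(RuntimeError):
    """Raised when a credential cannot be loaded safely."""


def load_credential(name: str) -> bytes:
    """Read one credential file from the directory systemd provides."""
    # Only the directory path is in the environment, so /proc/PID/environ
    # exposes a path and never the secret itself.
    cred_dir = os.environ.get("CREDENTIALS_DIRECTORY")
    if not cred_dir:
        raise CredentialError("CREDENTIALS_DIRECTORY is unset; refusing to fall back")
    # Credential names are plain file names: reject anything that could
    # escape the credentials directory.
    if not name or name in (".", "..") or "/" in name or "\0" in name:
        raise CredentialError(f"invalid credential name: {name!r}")
    path = Path(cred_dir) / name
    try:
        # O_NOFOLLOW refuses a symlink planted in place of the file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as exc:
        raise CredentialError(f"cannot open {name!r}: {exc.strerror}") from exc
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise CredentialError(f"{name!r} is not a regular file")
        # Defensive check added for this example: a world-accessible file
        # means this is not the private per-service credential mount.
        if st.st_mode & 0o007:
            raise CredentialError(f"{name!r} is world-accessible")
        return fh.read()


def load_credential_text(name: str) -> str:
    """Decode a credential as UTF-8 and drop one trailing newline."""
    return load_credential(name).decode("utf-8").removesuffix("\n")
```
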



