Secrets management through vaults

[vipasane]

⚠️ Please verify that this feature request has NOT been suggested before.

• I checked and didn't find similar feature request

🏷️ Feature Request Type

Other

🔖 Feature description

Transparent way to use (or synchronize) secrets such as usernames, passwords, connection strings, API keys and certificates between different vaults without the need to to have yet another copy of these values to be maintained manually locally. This store should be independent, agnostic on which node is used to run this probing task and therefore it should be rather tied to identity which is running that service(s)

Integrating services listed below would be great deal for attracting enterprise users:

• HashiCorp Vault
• Azure Key Vault
• AWS Secrets Manager
• GCP Secret Manager

Justification:
SREs rarely know or even should know production environment secrets, especially in they are automatically rotated.
Therefore there is a need to just pick up token string representing the secret from a list.

✔️ Solution

All the available secrets from single (or all available vault connections) is shown as list where user can select secret to be used. These secrets are refreshed from vaults periodically or even fetched when needed.

❓ Alternatives

Background service which will track changes in targeted (pre-configured) vaults and synchronizes changes in local encrypted cache.

📝 Additional Context

One practical example:
a .net way of tracking configuration changes https://learn.microsoft.com/en-us/azure/azure-app-configuration/reload-key-vault-secrets-dotnet