You don’t need HashiCorp’s Vault

There are a few things I dislike about the programming industry. Much of what programmers do is driven by fads and trends. There is a lot of cargo culting with little critical analysis. This is especially true when it comes to DevOps tools and practices. Today I’m going to argue that you don’t need to deploy and manage any kind of secret token management system, e.g. Vault, if your workloads are already running in the cloud. I’m going to argue that all you need is a set of GPG/AES keys and whatever key management system (KMS) is offered by your cloud provider. Google has Cloud KMS and Amazon has AWS KMS. I’m sure Microsoft has one too but the point is they’re all equivalent and basically have the same API. For the rest of this post I’m just going to generically refer to all these solutions as KMS.