Problem
For the AES secret driver I still need to somehow securely share the key between all people who want to reveal secrets. The other drivers require using a cloud provider.
Solution
I would like to be able to configure some public keys in the skipper config and then encrypt secrets using all those public keys.
Each one of the corresponding private keys can decrypt the secrets.
This way every participant only has to add their public key to the repository and no secret material needs to be exchanged.
Possible solutions could e.g. integrate gpg, age or sops.
Additional context
After changing the public keys, you should be able to re-encrypt all the keys. Maybe even support automatically rotating the secret if a public key was removed. Could be implemented in a separate PR/Issue.
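An added sketch of the mechanism this request describes, not code from the issue or from skipper: the AES driver's key is wrapped once per configured public key, and a removed recipient forces a fresh key. It assumes RSA-OAEP from the Go standard library as a stand-in for gpg, age or sops; `WrapKey`, `UnwrapKey` and `Rekey` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// WrapKey encrypts one symmetric data key to each public key (name is the OAEP label).
func WrapKey(dataKey []byte, recipients map[string]*rsa.PublicKey) (map[string][]byte, error) {
	wrapped := make(map[string][]byte, len(recipients))
	for name, pub := range recipients {
		blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(name))
		if err != nil {
			return nil, err
		}
		wrapped[name] = blob
	}
	return wrapped, nil
}

// UnwrapKey recovers the data key with one private key; a name without a blob fails.
func UnwrapKey(wrapped map[string][]byte, name string, priv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped[name], []byte(name))
}

// Rekey re-wraps after a recipient change. A removed recipient may still hold the old
// key, so a fresh one is generated and secrets must be re-encrypted under it.
func Rekey(oldKey []byte, old map[string][]byte, now map[string]*rsa.PublicKey) ([]byte, map[string][]byte, error) {
	key := oldKey
	for name := range old {
		if _, still := now[name]; !still {
			key = make([]byte, len(oldKey))
			if _, err := rand.Read(key); err != nil {
				return nil, nil, err
			}
			break
		}
	}
	wrapped, err := WrapKey(key, now)
	return key, wrapped, err
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pair
	wrapped, _ := WrapKey(make([]byte, 32), map[string]*rsa.PublicKey{"alice": &alice.PublicKey})
	key, err := UnwrapKey(wrapped, "alice", alice)
	fmt.Println(len(key), err)
}
```

Only the wrapped blobs and public keys would live in the repository; when `Rekey` returns a different key, every stored secret has to be re-encrypted under it before the old key is discarded.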