The Cloud Native Computing Foundation (CNCF) has identified top secrets management tools and trends in its latest End User Technology Radar, which focused on secrets management in cloud-native settings.

Typically, CNCF’s Technology Radars gather feedback from the 140+ companies in the foundation’s End User Community to provide insights on tools used by that community. Previous topics included continuous delivery, observability, and database storage.

“As the real-world experts running tools on the ground, end users provide invaluable feedback for improvements, bug fixes, and new feature additions,” said Cheryl Hung, vice president of ecosystem at the CNCF. “The Technology Radar takes advantage of the collective knowledge of the CNCF End User Community, the largest end user community of any open source foundation, to bubble up tools and technologies that organizations should consider now when building their cloud native applications.”

Secrets management involves the tools and techniques that companies use to manage credentials, such as APIs, keys, passwords, or tokens. According to the CNCF, managing secrets becomes more complicated as cloud native grows: every service requires some sort of authentication, so more software is passing credentials through than ever before.

Of the tools used by the community, the Technology Radar recommends four in the Adopt category: HashiCorp Vault, Certificate Manager, AWS Secrets Manager, and AWS Key Management Service.

In the Trial category, Bitnami Sealed Secrets and encrypted repositories were recommended. In the Assess category, Google Cloud Platform (GCP) Secrets Management and Sops were recommended.

“I expected the results to overwhelmingly show that organizations are using the offering of the public cloud they are already using,” said Steve Nolen, site reliability engineer at RStudio and Radar team member. “While this was the case with four cloud provider tools ending up on the survey, worries about vendor lock-in led to other commercial tools appearing on the Radar. We were initially surprised to see such widespread adoption of Vault due to its high cost of entry and operational burden. However, after further review, it proved to be popular with organizations using a cloud-agnostic or multi-cloud approach.”