_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

Secrets Management — Vault, SOPS a bezpečné ukládání

20. 11. 2025 1 min read intermediate

Kde bezpečně uložit databázová hesla, API klíče a certifikáty? Ne v kódu, ne v .env, ne v Confluence.

HashiCorp Vault

vault kv put secret/myapp db_password=”tajne” api_key=”sk_123” vault kv get -field=db_password secret/myapp

Python

import hvac client = hvac.Client(url=’https://vault:8200’, token=os.environ[‘VAULT_TOKEN’]) secret = client.secrets.kv.v2.read_secret_version(path=’myapp’)

Mozilla SOPS

sops –encrypt –age age1… config.yaml > config.enc.yaml sops –decrypt config.enc.yaml > config.yaml sops config.enc.yaml # Editace in-place

Kubernetes — External Secrets Operator

apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: myapp-secrets spec: refreshInterval: 1h secretStoreRef: name: vault-backend data: - secretKey: DB_PASSWORD remoteRef: key: secret/myapp property: db_password

Key Takeaway

Vault pro enterprise, SOPS pro menší týmy. Secrets nikdy v Gitu plaintext, vždy auditovatelné, vždy rotovatelné.

securityvaultsopssecrets
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

HashiCorp Vault — the secrets management we were missing

Passwords in environment variables, API keys in ConfigMaps. How HashiCorp Vault centralizes secrets management.

Secrets Management in Practice — HashiCorp Vault, SOPS and Secure Secret Management

Complete guide to secrets management in 2026. HashiCorp Vault, Mozilla SOPS, External Secrets Operator, key rotation...

Secrets in Kubernetes

How to properly manage secrets in K8s. External Secrets, Sealed Secrets, Vault.