In order to set up and manage your webportal, there are a number of secrets that will need to be created. Many of these can be created automatically when running the ansible playbooks. If you are planning on using the ansible playbooks, you will need to pick and configure one of the following secret managers.
We have created a wizard script that you can use to migrate your cluster secrets between any supported secrets management options (LastPass <=> plaintext <=> HashiCorp Vault).
The migration wizard script checks consistency of configurations between source and target secrets management options before and during migrating secrets and prevents some of the misconfiguration issues or possible overrides of migrated secrets.
Below is a live demo of the migration wizard:
Live demo of secrets manager migration wizard.
The plain text secrets management uses the ansible-private repo to create and store your portal's secrets. This is the easiest and quickest way to get started, as ansible-private is already used for a number of other configs.
If you do not want to use the plain text option for secrets management, or if you are running a portal as part of a team, then it is recommended that you use HashiCorp Vault as your secrets manager.