Secrets Management

In order to set up and manage your webportal, there are a number of secrets that will need to be created. Many of these can be created automatically when running the ansible playbooks. If you are planning on using the ansible playbooks, you will need to pick and configure one of the following secret managers.
NOTE: You do not need to install anything on your server during the prerequisites. Any install instructions in the prerequisites are for installing items on your local machine in order to manage your remote server.

Secrets Migration Wizard

NOTE: You can start with one Secrets Manager below (e.g. plaintext) and migrate your secrets to another Secrets Manager (e.g. HashiCorp Vault) later.
We have created a wizard script that you can use to migrate your cluster secrets between any supported secrets management options (LastPass <=> plaintext <=> HashiCorp Vault).
The migration wizard script checks consistency of configurations between source and target secrets management options before and during migrating secrets and prevents some of the misconfiguration issues or possible overrides of migrated secrets.
You can read documentation of the migration wizard script in ansible-playbooks/ file here.
Below is a live demo of the migration wizard:
Live demo of secrets manager migration wizard.

Plain Text

The plain text secrets management uses the ansible-private repo to create and store your portal's secrets. This is the easiest and quickest way to get started, as ansible-private is already used for a number of other configs.
See here for getting your ansible-private directory setup for plain text secrets management.

HashiCorp Vault

If you do not want to use the plain text option for secrets management, or if you are running a portal as part of a team, then it is recommended that you use HashiCorp Vault as your secrets manager.
See here for getting your HasiCorp Vault secrets management setup.


Lastpass has been found to be unstable. We do not recommend using LastPass. It is recommended that you migrate to either plaintext or hasicorp vault.
If you don't have a LastPass account, head over to to create an account.
See here for getting your LastPass secrets management setup.