This is how I manage my own infrastructure. It’s a project, but it’s not really intended for public consumption… in particular, documentation is pretty much nonexistent.
It’s a repo that builds a Docker image with all the prerequisites I need,
like libraries for talking to AWS and so forth.
I commit encrypted secrets to the repo,
and then start the image and run
That prompts me for my GPG passphrase, and once it’s entered correctly,
I can deploy to all my infrastructure seamlessly.
The Docker image is intended to be short-lived, so that my secret key stays out of memory unless necessary.
It is also a great way to work if you want to deploy from machines on different OSes,
because the prereqs can be built into the Docker image one time, and then run from anywhere.
It’s probably too tied to my personal workflows to be directly used by someone else, but the repository contains code that might be useful: mrled/psyops.