We currently use several strategies to store credentials, the reference one being to use the passphrase application on DevCentral.
Vault will contain:
- passwords for Docker containers
- credentials to log in to external services (e.g. API keys for a mail service)
Some credentials will still be stored on DevCentral:
- SSH keys used for Harbourmaster
- SSH keys as deploy keys for GitHub repositories
Some credentials needed to install Vault will also be stored on file:
- Credentials to access Vault backend storage
Then, to configure Salt to use Vault, https://medium.com/@aratik711/saltstack-and-vault-integration-20eeb2e7ec9c provides a checklist-like howto.