Support Azure Key Vault for Secrets Manager
Problem to solve
We plan to implement Vault as a secrets store bundled with GitLab, but some customers will prefer to use an Azure service. It will be possible to use our provided Vault with GKE (and any generic Kubernetes cluster), but they also provide their own first-party capability.
Intended users
Many developer and operations users will interact with this feature, but the primary integrator will be security operations teams.
Further details
This will provide more flexibility to teams, ensuring that GitLab is valuable even when not using our bundled secrets solution.
Proposal
We should allow configuration to select a secrets provider other than the default provided Vault. This should be implemented in a way that
Permissions and Security
Implementing this feature will require a comprehensive security evaluation by @gitlab-com/gl-security/appsec. The goal here is to improve the security available to GitLab itself, to CI/CD pipelines, and to users who want to store general secrets associated with projects under development in GitLab.
Documentation
We should add to the Secrets Documentation.