<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=594091) </details> <!--IssueSummary end--> ## Problem GitLab Secrets Manager requires OpenBao to be deployed via the GitLab Helm chart on Kubernetes. Beta customers have asked for more deployment flexibility for environments where Helm/Kubernetes is not the preferred deployment method. ## Customer Use Case > "The second point, the limitations to deploy the vault only through a helm chart. It would be nice to have more options." — Beta customer ## Current State - OpenBao is deployed exclusively via the [GitLab Helm chart](https://docs.gitlab.com/charts/charts/openbao/) - GitLab Rails connects to OpenBao via `openbao.url` and `openbao.internal_url` configuration — it is deployment-method agnostic - The Helm chart handles auto-unseal, TLS, PostgreSQL backend, HA standby setup, and recovery key management ## Possible Future Options Each option would need its own evaluation for engineering effort and support burden: - **Docker Compose** — For smaller or non-Kubernetes environments - **Linux package (Omnibus)** — Bundled with GitLab's existing Linux packages - **Terraform modules** — For cloud-managed deployments (GCP, AWS, Azure) - **Operator-based deployment** — For OpenShift or managed Kubernetes platforms ## Considerations - Helm-only is a reasonable scope constraint for GA - Each additional deployment path multiplies the test and support matrix - OpenBao operational complexity (unseal, HA, backup/restore) makes alternative packaging non-trivial ## Related - Secrets Manager GA Epic: https://gitlab.com/groups/gitlab-org/-/epics/10723 - Operational Readiness Review: https://gitlab.com/gitlab-org/gitlab/-/issues/524750