That works on a single persistent box, but unfortunately, that means giving up on autoscaling, which is not so nice for cloud applications.
That works on a single persistent box, but unfortunately, that means giving up on autoscaling, which is not so nice for cloud applications.
You can proxy the UNIX socket to a network server if you want to. You can even use SSL encryption at all times too.
Once it's networked you lose the "whitelist of systemd services" and it's then no different from any networked secret store.