Feedback: you need to state very clearly, high up on the page WHY someone would want to use a non-managed solution vs SecretsManager or SSM Parameter Store.
The website has way too much information that is basic credentials store 101. I know why Iβd want a secrets manager already.
and if you are targeting users/builders on AWS (which you are implicitly if you canβt run off AWS) you need to be clear as to why anyone would waste time with an unmanaged solution
> Embrasure is an open-source, self-hosted secrets management tool built on Amazon Web Services (AWS) for small teams seeking simplicity and security.
Was excited to hear about self-hosted secrets management, but expected "self-hosted" to mean I can host anywhere, but the depends specific AWS features.
I actually mean that the service need not care if it's in the cloud or on-premise as opposed to whose cloud. Many of my services don't need to do anything in the cloud.
If you look at things like awesome-selfhosted[0] you'll see that this is the prevailing expectation of things describing themselves as "self-hosted".
I donβt think we should go down that rabbit hole of redefining self hosting ad anything other than host it in your own infra. So if AWS disappeared today, would your product still be self hosted? If being self hosted does not actually depend on your product but on the availability of another provider, there I donβt think we should call it self hosted.
> Based on a strict definition, I agree that Embrasure may not be considered self-hosted, but I don't think that's the "prevailing expectation."
I wont 100% discount that I live in a bubble, but try ask 100 random people what "self hosted" means, I would strongly guess that very very few says "I can (only) spin up some resources on AWS and deploy it there"
Self-hosting does not mean you can't run it on AWS, but people expect more. Just look at Postgresql as an example of a self hosted software. You can run it in the cloud or your own basement.
I would disagree. Sure, you don't own the hardware, but you have total control over Embrasure's functionality within your self-contained instance.
Wikipedia: "Self-hosting is the practice of running and maintaining a website or service using a private web server, instead of using a service outside of someone's own control."
Yes, correct, AWS Secrets Manager is out of your own control. You don't control it. AWS does. They can change it or even end it as a product any day they like.
True, but it doesn't have a program wrapper and isn't part of the AWS Free tier.
For a lot of teams, it's a better choice than Embrasure, but Embrasure serves its use case well and all of its components can be deployed with AWS's free plan.
This is another reason why I'm happy using ECS. You just reference the keys in the task definition, and secrets from Parameter Store (or Secrets Manager, if you want the added cost and advantages like secrets rotation) are injected when the task starts.
> "Typically, self-hosted software is installed and operated on servers physically located within the organizationβs premises"
When you claim it is self hosted everyone assumes you can host it anywhere, including AWS if they want. Your software can't do that.
You need to make it clear, otherwise you will alienate your potential users. You may be technically correct for a limited definition of self hosted, but that is not what users expect.
Thanks for your reply, but as far as I read the documentation, your solution relies on AWS. If so, manged vs self-hosted is not really an issue since you are already locked into AWS. If it works without AWS, then it makes sense.
The website has way too much information that is basic credentials store 101. I know why Iβd want a secrets manager already.
and if you are targeting users/builders on AWS (which you are implicitly if you canβt run off AWS) you need to be clear as to why anyone would waste time with an unmanaged solution