From the dev.to devops feed, in brief, so it doesn't get lost.
On March 14th, 2023, our CI pipeline stalled for 187 ms per job after we added Vault to a static‑config microservice that never fetched new credentials at runtime, causing a $4,200/mo SLA breach.

The Mis‑fit: Static Binaries with Hard‑Coded Secrets

Why the secret never changes

We built Service A as a thin wrapper around an existing MySQL database. The password was generated once, stored in a Helm values file, and baked into the Docker image at build time. No one ever rotated it because the DBA team considered the credential “permanent”. In other words, the secret’s lifecycle was static from day one.

Cost of pulling from Vault each start

When the ops team insisted on “centralised secret management”, we swapped the baked value for a Vault lookup. Each pod now performed a TLS handshake, auth
Full text and context at the original source: https://dev.to/isabelle_dubuis_d858453d7/when-a-secrets-manager-becomes-a-costly-bottleneck-3alo