I am trying to understand some basic concepts as I am still new to the concept of service discovery and cloud programming (excuse the cliché). A question that has been in my head for some time is: are service discovery solutions like Consul, etcd & ZooKeeper responsible for providing service credentials as well?
For example, if we have a web application which queries information about the location of database server(s), who is responsible for providing it with the credentials (username, password) for connecting to it? I do know that this is probably subjective but I would be glad to learn more about best practices related to that.
Indeed, see Consul and Vault. Now, for the reasoning: service registries typically don't come with a full-fledged set of ACLs, etcetera, to protect secrets, plus they gossip said secrets around the network, dump them left and right on disk - it's a security nightmare. You want to make sure that access is as limited as possible, strictly on a need-to-know basis. Therefore, use some specific tool to do that - Hardware Security Modules, Vault, Chef encrypted databags, and so on.
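The split described in the answer above, as an added example that is not part of the original answer: the application asks Consul's health endpoint only for the database's location and asks Vault, with its own token, for the credentials. Assumptions: the local agent addresses, a service registered as `postgres`, Vault's database secrets engine mounted at `database/` with a role named `webapp`, and the `fake_get` stub with constructed responses so the block runs offline.

```python
import json
from urllib.request import Request, urlopen

CONSUL = "http://127.0.0.1:8500"   # assumed local Consul agent
VAULT = "http://127.0.0.1:8200"    # assumed Vault address (https in production)

def http_get(url, headers=None):
    """Default transport: GET a URL and decode the JSON body."""
    with urlopen(Request(url, headers=headers or {}), timeout=5) as resp:
        return json.load(resp)

def locate(service, get=http_get):
    """Ask the registry WHERE a healthy instance is. No secrets involved."""
    entries = get(f"{CONSUL}/v1/health/service/{service}?passing")
    if not entries:
        raise LookupError(f"no healthy instance of {service!r}")
    svc = entries[0]["Service"]
    # Service.Address may be empty, in which case the node address applies.
    return svc["Address"] or entries[0]["Node"]["Address"], svc["Port"]

def db_credentials(role, token, get=http_get):
    """Ask the secret store for credentials, authenticated with the app's token."""
    body = get(f"{VAULT}/v1/database/creds/{role}", {"X-Vault-Token": token})
    return body["data"]["username"], body["data"]["password"], body["lease_duration"]

def connection_params(service, role, token, get=http_get):
    """Combine location (registry) and credentials (secret store) at use time."""
    host, port = locate(service, get)
    user, password, ttl = db_credentials(role, token, get)
    return {"host": host, "port": port, "user": user, "password": password, "ttl": ttl}

# Constructed sample responses standing in for the two servers (offline demo).
SAMPLE = {
    f"{CONSUL}/v1/health/service/postgres?passing": [
        {"Node": {"Address": "10.0.0.5"}, "Service": {"Address": "", "Port": 5432}}],
    f"{VAULT}/v1/database/creds/webapp": {
        "lease_duration": 3600,
        "data": {"username": "v-webapp-constructed", "password": "constructed-password"}},
}

def fake_get(url, headers=None):
    # In this stub only the Vault path checks a token before answering.
    if url.startswith(VAULT) and (headers or {}).get("X-Vault-Token") != "constructed-token":
        raise PermissionError("permission denied")
    return SAMPLE[url]

if __name__ == "__main__":
    print(connection_params("postgres", "webapp", "constructed-token", fake_get))
```

The registry response never contains the password, and the credentials carry a lease duration, so they can expire independently of the service registration.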