I am using FreeIPA and Keycloak to be the Source of Truth (for identity) in my home lab. I am learning and gaining hands-on experience with LDAP, Kerberos, HBAC, certificate management, split-zone DNS, etc.
For secrets, I have Vaultwarden and HashiCorp Vault. Vaultwarden allows me to keep track of passwords, keys and other home lab secrets. HashiCorp Vault allows services to retrieve secrets/keys in a secure way. This allows finer control over who sees what, and allows for logging of who has seen what. This allows keys and passwords to be passed to Ansible without having GitLab's token in plain text, nor other secrets in Docker Compose files.
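One way to wire this up, as an added example rather than the author's own playbook: an Ansible play that pulls the GitLab token out of Vault at run time and writes it to the env file Docker Compose reads, so neither the playbook nor the compose file carries the token. It assumes a KV v2 mount named kv, a secret at homelab/gitlab with a key token, the community.hashi_vault collection, and VAULT_ADDR/VAULT_TOKEN exported on the controller.

```yaml
# Added example, not from the original post. Assumes a Vault KV v2 mount
# named "kv", a secret at "homelab/gitlab" holding a key "token",
# VAULT_ADDR and VAULT_TOKEN set in the controller's environment, and
# the community.hashi_vault collection installed.
- name: Deploy a service whose config needs the GitLab token
  hosts: docker_hosts
  gather_facts: false
  tasks:
    - name: Read the GitLab token from Vault at run time (audited by Vault)
      community.hashi_vault.vault_kv2_get:
        engine_mount_point: kv
        path: homelab/gitlab
      register: gitlab_secret
      delegate_to: localhost      # talk to Vault from the controller
      no_log: true                # keep the value out of the Ansible log

    - name: Write the env file that Docker Compose reads (never committed to git)
      ansible.builtin.copy:
        dest: /opt/myservice/.env
        owner: root
        group: root
        mode: "0600"
        content: |
          GITLAB_TOKEN={{ gitlab_secret.secret.token }}
      no_log: true

    # The compose file then references ${GITLAB_TOKEN} in its "environment:"
    # section instead of a literal, so the repository holds no secret.
```

Use the ansible-vault/encryption-at-rest of the env file only if the host disk is shared; the important part is that the token exists on the host only after a logged Vault read, not in any file under version control.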
── Managing Identity ──────────────────────────────