

2 · 1 month ago

The distinction is between bare metal and virtual machine. Most cloud deployments will be hosted in a virtual machine, inside which you host your containers.
So the nested dolls go:
- bare metal (directly on hardware)
- virtual machine (inside a hypervisor)
- container (inside Docker, podman, containers, etc.)
- runtime (JVM, V8, CLR, etc.) (unless your code is in C, Rust, or other such language)
- your code
See if a lightweight Kubernetes installation is for you. Secrets are first-class citizens in k8s. You can maintain secrets in a number of different ways, but they are exposed to containers the same way. They can become files or environment variables, whichever you need.
I recommend looking at k3s to run on your Pi and see if that works for you. You can add vault software on top of that later without changing your containers.
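
What the comment above describes, as an added example that is not part of the original comment: one Kubernetes Secret exposed to the same container both as an environment variable and as a read-only file. The names (`demo-db`, `demo-app`), the image and the secret value are placeholders.

```yaml
# Constructed example: every name, the image and the value are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: demo-db
type: Opaque
stringData:                 # plain text in the manifest; stored base64-encoded by the API server
  DB_PASSWORD: "replace-me"
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
spec:
  containers:
    - name: app
      image: registry.example.com/demo-app:1.0   # placeholder image
      env:
        # Form 1: the secret key becomes an environment variable.
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: demo-db
              key: DB_PASSWORD
      volumeMounts:
        # Form 2: the secret key becomes a file at /run/secrets/db/DB_PASSWORD.
        - name: db-secret
          mountPath: /run/secrets/db
          readOnly: true
  volumes:
    - name: db-secret
      secret:
        secretName: demo-db
        defaultMode: 0400   # file readable only by its owner inside the container
```

The container reads the value the same way regardless of how the Secret object was created or populated. By default a Secret is only base64-encoded in the API, so limit who can read Secret objects with RBAC.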