controlPlane.backingStore.database.external.dataSource should be able to be read from a Secret #1755

Open
virtualdxs opened this issue May 8, 2024 · 1 comment

Comments

@virtualdxs

Is your feature request related to a problem?

I use the cloudnative-pg operator to deploy Postgres databases in my Kubernetes host cluster. It automatically creates a Secret with the credentials and endpoint information of how to connect to the Postgres database, as is common. I would like to be able to tell vCluster to get its database connection information from that secret.

This allows me to never need to store the database password in my configuration repository. As it stands, I must store the database password unencrypted in the values.yaml for the Helm release.

Which solution do you suggest?

Support specifying an existingSecret to retrieve this information from. To use the Nextcloud helm chart as an example:

existingSecret:
  enabled: false
  # secretName: nameofsecret
  usernameKey: db-username
  passwordKey: db-password
  # hostKey: db-hostname-or-ip
  # databaseKey: db-name

This example uses separate keys for username, password, etc., but just being able to retrieve the URI from a secret would be sufficient.

Which alternative solutions exist?

Allow in the Helm chart for a custom config-secret to be specified so I can use SOPS to securely store it encrypted in my configuration repository.

Additional context

No response

@heiko-braun
Contributor

Thanks, it's a reasonable request and we are already looking into it. Unfortunately, I don't have any concrete dates yet.
