-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable secret injection natively via vault #160
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The charts currently mandates to leverage a k8s secret. One could argue that k8s secrets are not really secure. Ideally we would want these secrets to be set by an injector (ex: Vault - either via custom initContainer or updated entrypoint script) to place a secret file in the secrets directly being scanned by
configurations.py
(ex:run/config/extra/vault
). The configuration.py should then read the secrets from secret file.The proposed changes are described as under:
_load_yaml()
once again after loading all the secrets; thereby any secrets inject override the default secretscommand
andarg
to be overriden for housekeeping and worker podsThe text was updated successfully, but these errors were encountered: