Feature-Request to improve security: allow annotations: on the license-key Secret #106
Comments
|
Please review the PullRequest ❤️ |
weitzj
pushed a commit
to devk-insurance/ambassador-chart
that referenced
this issue
Jul 15, 2020
This adds support for setting annotations on the license-key-secret. Fixes: datawire#106
inercia
added a commit
that referenced
this issue
Jul 17, 2020
…rLicenseKeySecret Fix #106 - Add annotations to license-key-secret
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request:
Allow
annotations:on theSecretfor the license-key.Allow setting annotations on the Kubernetes Secret, which is holding the
license-keyfor Ambassador.This allows third-party tooling to fetch the acutal secret data from a safe location (like Hashicorp Vault) when the value is needed as Kubernetes Secrets are not safe.
Background:
As of right now one has to hard-code the license-key in the values.yaml in order to bootstrap automatically a fresh Ambassador installation. This works, but if one follows the GitOps pattern, it might be better to not hard-code secrets in Git.
Therefore it would be good to only safe a reference to the actual value in the secret (or use env-vars). One nice tool, which lets you do this with Kubernetes and Hashicorp Vault is BanzaiCloud Vault-Webhook (https://banzaicloud.com/docs/bank-vaults/mutating-webhook/)
To use this feature, one has to be able to add
annotations:to a secret.The text was updated successfully, but these errors were encountered: