Allow reference of secrets for Git Webhook Secrets #8154
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
As cluster operator managing ArgoCD declaratively, I want to reference other Kubernetes secrets than argocd-secret for storing Git Webhook Secrets.
Motivation
Why is this feature required: Securing ArgoCD Webhooks is common practice and recommended by ArgoCD. However depending on the way secrets are managed in a cluster, it is harder to patch existing secrets than create new secrets declaratively (e.g. with Sealed Secrets).
Why now? Recent enhancements created flexibility for using other secrets as part of ArgoCD configuration (e.g. #6103 and #4342), however the Git Webhook Secret configuration is still only possible in argocd-secret.
Proposal
One way of implementing this could be making the Git Webhook secret and key configurable via argocd-cm ConfigMap, similar as implemented for oidc configuration
Alternatively, it could be considered to embed WebHook secret key configuration into repository configuration as the different repositories the services triggering the Webhooks already and a closer relationship could be reasonable.
The text was updated successfully, but these errors were encountered: