You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As cluster operator managing ArgoCD declaratively, I want to reference other Kubernetes secrets than argocd-secret for storing Git Webhook Secrets.
Motivation
Why is this feature required: Securing ArgoCD Webhooks is common practice and recommended by ArgoCD. However depending on the way secrets are managed in a cluster, it is harder to patch existing secrets than create new secrets declaratively (e.g. with Sealed Secrets).
Why now? Recent enhancements created flexibility for using other secrets as part of ArgoCD configuration (e.g. #6103 and #4342), however the Git Webhook Secret configuration is still only possible in argocd-secret.
Proposal
One way of implementing this could be making the Git Webhook secret and key configurable via argocd-cm ConfigMap, similar as implemented for oidc configuration
Alternatively, it could be considered to embed WebHook secret key configuration into repository configuration as the different repositories the services triggering the Webhooks already and a closer relationship could be reasonable.
The text was updated successfully, but these errors were encountered:
Summary
As cluster operator managing ArgoCD declaratively, I want to reference other Kubernetes secrets than argocd-secret for storing Git Webhook Secrets.
Motivation
Why is this feature required: Securing ArgoCD Webhooks is common practice and recommended by ArgoCD. However depending on the way secrets are managed in a cluster, it is harder to patch existing secrets than create new secrets declaratively (e.g. with Sealed Secrets).
Why now? Recent enhancements created flexibility for using other secrets as part of ArgoCD configuration (e.g. #6103 and #4342), however the Git Webhook Secret configuration is still only possible in argocd-secret.
Proposal
One way of implementing this could be making the Git Webhook secret and key configurable via argocd-cm ConfigMap, similar as implemented for oidc configuration
Alternatively, it could be considered to embed WebHook secret key configuration into repository configuration as the different repositories the services triggering the Webhooks already and a closer relationship could be reasonable.
The text was updated successfully, but these errors were encountered: