Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secrets management #9

Closed
hall opened this issue Sep 5, 2022 · 1 comment · Fixed by #11
Closed

secrets management #9

hall opened this issue Sep 5, 2022 · 1 comment · Fixed by #11
Assignees
@hall
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@hall
Copy link
Owner

hall commented Sep 5, 2022

Seems the general nix approach to secrets management is to read a file at (app) runtime. The easiest approach here is probably kustomize's secretGenerator (there are also tools like helm-secrets or vals; which I'm open to but will leave for later consideration as I'd rather not add them for the sake of having them).

The outcome of this issue should be both the ability to read secrets from an arbitrary file, without writing anything to the store, and a section on how to do so in the docs. Given my current leaning toward kustomize (as it's builtin to kubectl anyway), the former half will like occur as part of a more general task to support kustomize.
@hall hall self-assigned this Sep 5, 2022
@hall hall added documentation Improvements or additions to documentation enhancement New feature or request labels Sep 5, 2022
@hall hall mentioned this issue Sep 5, 2022
Closed
@hall hall linked a pull request Sep 16, 2022 that will close this issue
add support for vals #11
Merged
@hall hall mentioned this issue Sep 16, 2022
Merged
@hall
Copy link
Owner Author

hall commented Sep 16, 2022

I decided against kustomize as it has proven itself to be, once again, not very kustomizable; in this case, it's not able to read files outside of the directory where kustomization.yaml resides. Besides, adding support for vals was very straightforward and enables using several different providers.

This solves my need so I'm going to close this but I'd be happy to consider alternatives if others find a need.

@hall hall closed this as completed in #11 Sep 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hall hall

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add support for vals hall/kubenix
1 participant
@hall