Skip to content

Implement Secret-based credential management #41

New issue
New issue
Closed
#44
Closed
Implement Secret-based credential management#41
#44
Assignees
Shahab96
@Shahab96

Description

@Shahab96
Shahab96
opened on Nov 13, 2025

Currently, the operator only supports reading RustFS credentials (accesskey/secretkey) from environment variables. We need to add support for reading credentials from Kubernetes Secrets for better security and integration with secret management systems.

Current Behavior

  • Credentials are extracted via get_tenant_credentials() in src/context.rs:187
  • Only environment variables (accesskey, secretkey) are supported
  • TODO comment exists at line 187: "Add support for reading credentials from Secrets"

Desired Behavior

Support multiple credential sources:

  1. Kubernetes Secrets (referenced in Tenant spec)
  2. Environment variables (existing behavior, for backward compatibility)
  3. Proper validation and error handling for missing/invalid credentials

Implementation Considerations

  • Add optional credentialsSecret field to Tenant spec
  • Update get_tenant_credentials() to check Secret first, then fall back to env vars
  • Add validation for credential format and requirements
  • Update documentation and examples

Priority

High - Core Stability (from ROADMAP.md)

Related

  • Referenced in: src/context.rs:187
  • Part of: Core Stability roadmap phase

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions