Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
RFC - Delivery of sensitive data to providers #4042
We have a particular issue (and potentially many others) around using Spinnaker to deliver things like Secrets to Kubernetes and DC/OS in that it does not actually have a mechanism to protect those secrets from exposure. While there are projects like sealed-secrets for Kubernetes, that doesn't allow for usage of Spinnaker's k8s versioning functionality which is desirable for the same reason it is for ConfigMaps. This means that secrets must be managed out of band of Spinnaker to get the full functionality which removes the ability for Spinnaker to really be the one stop shop for delivery of things to specific providers that might have to deal with secrets. Similar to #3969 I would like to propose an RFC for handling this problem:
Based just on our usage this would be useful for a few situations:
SOP's looked quite powerful too.