tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0
246 stars, 129 forks

Users should not supply auth token in chains-config configMap in plaintext #1074

Open PuneetPunamiya opened 6 months ago

PuneetPunamiya commented 6 months ago

Feature request

As of today, the Vault token is supplied via the signers.kms.kmsref.auth.token field, which is not very ideal as it stores the token in clear text.

This can be true for other tokens as well.

wlynch commented 6 months ago

Agreed. We should make this a secret ref (though for backwards compatibility it probably needs to be a new field).

concaf commented 6 months ago

@lcarva did you propose signers.kms.auth.token-path as a fix for this issue?

lcarva commented 6 months ago

> @lcarva did you propose signers.kms.auth.token-path as a fix for this issue?

I believe @PuneetPunamiya did during one of the Chains WG meetings. There was unanimous agreement among the Chains maintainers, IIRC.

concaf commented 6 months ago

Ack, sounds good :) I agree with the solution, and it solves similar issues to the ones users are facing with MONGO_SERVER_URL rotation (like you said already 😛).
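The change discussed in this thread, as an added example that is not part of the issue or of the Chains project's own manifests: the current plaintext form beside a Secret-backed form that uses the proposed signers.kms.auth.token-path field. The Secret name, mount path and controller container name are assumptions.

```yaml
# Constructed example, not from the issue. Weak form: the Vault token is
# stored in plaintext in chains-config, readable by anyone who can read
# ConfigMaps in the namespace and present in any cluster backup or dump.
apiVersion: v1
kind: ConfigMap
metadata:
  name: chains-config
  namespace: tekton-chains
data:
  signers.kms.kmsref: hashivault://cosign-key
  signers.kms.kmsref.auth.token: REPLACE_WITH_VAULT_TOKEN  # plaintext token
---
# Hardened form: the token lives in a Secret (its own object, its own RBAC)
# and the ConfigMap holds only a file path via the proposed
# signers.kms.auth.token-path field. The mount path is an assumption.
apiVersion: v1
kind: Secret
metadata:
  name: chains-vault-token
  namespace: tekton-chains
type: Opaque
stringData:
  token: REPLACE_WITH_VAULT_TOKEN
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: chains-config
  namespace: tekton-chains
data:
  signers.kms.kmsref: hashivault://cosign-key
  signers.kms.auth.token-path: /etc/chains/vault/token
---
# Strategic-merge patch for the Chains controller Deployment that mounts the
# Secret read-only at that path (container name is an assumption).
spec:
  template:
    spec:
      containers:
        - name: tekton-chains-controller
          volumeMounts:
            - name: vault-token
              mountPath: /etc/chains/vault
              readOnly: true
      volumes:
        - name: vault-token
          secret:
            secretName: chains-vault-token
```

Rotating the token then means updating the Secret rather than editing chains-config, which is the same pattern the MONGO_SERVER_URL discussion above points at.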