Query: Use of Secrets Store CSI driver provider #609

Description

@mtcolman

Hello,

Is it possible to use a Secrets Store CSI driver provider (for example for HashiCorp Vault) to inject the private key for signing, rather than storing it as a Kubernetes secret (as is stated here):

To get started signing things in Chains, you will need to generate a keypair and instruct Chains to sign with it via a Kubernetes secret. Chains expects a private key, and password if the key is encrypted, to exist in a Kubernetes secret signing-secrets in the tekton-chains namespace.

I'm keen to avoid storing any secrets we don't have to as Kubernetes Secrets and so we would like to use Vault + injection into pods where possible.

Thanks!

Matt
