Hello,
Is it possible to use a Secrets Store CSI driver provider (for example for HashiCorp Vault) to inject the private key for signing, rather than storing it as a Kubernetes secret (as is stated here):
To get started signing things in Chains, you will need to generate a keypair and instruct Chains to sign with it via a Kubernetes secret. Chains expects a private key, and password if the key is encrypted, to exist in a Kubernetes secret signing-secrets in the tekton-chains namespace.
I'm keen to avoid storing any secrets we don't have to as Kubernetes Secrets and so we would like to use Vault + injection into pods where possible.
Thanks!
Matt
Hello,
Is it possible to use a Secrets Store CSI driver provider (for example for HashiCorp Vault) to inject the private key for signing, rather than storing it as a Kubernetes secret (as is stated here):
I'm keen to avoid storing any secrets we don't have to as Kubernetes Secrets and so we would like to use Vault + injection into pods where possible.
Thanks!
Matt