You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
How to provide DB credentials to Temporal from a file?
The existingSecret method of providing a database password injects the password as an environment variable using valueFrom / secretKeyRef.
However, CIS Benchmark generally recommends not passing secrets as env vars:
Prefer using secrets as files over secrets as environment variables
Describe the solution you'd like
Can providing a secret as a file be supported as an option?
Additional context
Kubernetes Secret Store CSI Driver will mount secrets from external sources as volumes without even creating a secret. This is judged to be even more secure; the fewer Secrets in Kubernetes the better.
In either case, Temporal would be consuming the password from a file instead of from env vars.
The text was updated successfully, but these errors were encountered:
Temporal itself does not support this so neither will the helm chart. Please open an issue on http://github.com/temporalio/temporal and re-open here if the feature is added.
Is your feature request related to a problem? Please describe.
How to provide DB credentials to Temporal from a file?
The
existingSecret
method of providing a database password injects the password as an environment variable using valueFrom / secretKeyRef.However, CIS Benchmark generally recommends not passing secrets as env vars:
Describe the solution you'd like
Can providing a secret as a file be supported as an option?
Additional context
Kubernetes Secret Store CSI Driver will mount secrets from external sources as volumes without even creating a secret. This is judged to be even more secure; the fewer Secrets in Kubernetes the better.
In either case, Temporal would be consuming the password from a file instead of from env vars.
The text was updated successfully, but these errors were encountered: