[Feature Request] Ability to provide DB credentials from a file #321
Labels
enhancement
New feature or request
Comments
|
Temporal itself does not support this so neither will the helm chart. Please open an issue on http://github.com/temporalio/temporal and re-open here if the feature is added. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
How to provide DB credentials to Temporal from a file?
The
existingSecretmethod of providing a database password injects the password as an environment variable using valueFrom / secretKeyRef.However, CIS Benchmark generally recommends not passing secrets as env vars:
Describe the solution you'd like
Can providing a secret as a file be supported as an option?
Additional context
Kubernetes Secret Store CSI Driver will mount secrets from external sources as volumes without even creating a secret. This is judged to be even more secure; the fewer Secrets in Kubernetes the better.
In either case, Temporal would be consuming the password from a file instead of from env vars.
The text was updated successfully, but these errors were encountered: