Kustomize: secretGenerator to use Vault

Created on 12 Feb 2019 · 1 Comment · Source: kubernetes-sigs/kustomize

The new secretGenerator uses: LiteralSources, FileSources, EnvSource.

I wonder if a VaultSources would be useful?
Using Vault from HashiCorp as a single source of truth for credentials without ever persisting them on disk unencrypted.

If this is approved I can provide a PR with some code implementing this.

Most helpful comment

Please consider using @sethpollack's secret generator plugin plan.

We'll have some process (likely just a PR) for graduating from plugin (which requires more download work for the user) to a 'builtin' secret generator.

The code change would be minimal given a plugin.

A plugin is just a Go package, so you go from loading it to importing it. The plugin name would become a reserved word in the secret generator stanza, a sibling to goplugin.
