Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support templating of output secrets #43

Open
wnagele opened this issue Jul 9, 2024 · 1 comment
Open

Support templating of output secrets #43

wnagele opened this issue Jul 9, 2024 · 1 comment

Comments

@wnagele
Copy link

wnagele commented Jul 9, 2024

It would be great to be able to template the secrets created by the operator in a similar fashion as sealed secrets is supporting. For instance right now you cannot furnish a dockerconfigjson as you cannot set the type of the resulting secret. Neither can you add more labels/annotations to be able to hook it into other processes.

@brianramseyau
Copy link

I came here to add this request, so I will instead add my 2c to this issue instead.

While the above is better than nothing, I feel something more akin to the way that vault-secrets-operator handles it (see the spec for transform here: https://developer.hashicorp.com/vault/docs/platform/k8s/vso/api-reference#transformation) would be "more" useful and robust.

The ability to do significant transforms, add arbitrary secret key/values, etc are fundamentally basic requirements of this kind of system and if we are to take Secrets Manager seriously in the Corporate space (currently heavily dominated by HashiCorp Vault).

While I am trying this out in my HomeLab at the moment, I hope this may evolve in time to be such as a suitable replacement for current tooling.

I do feel however that one of the letdowns is in the SecretsManager itself, in that it can only store single key/value pairs not multiple like other solutions, the saving grace for this 1:1 limitation upstream would be a very robust operator making the trade-off more agreeable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants