Skip to content
This repository has been archived by the owner on Dec 16, 2024. It is now read-only.

Support for templating the final Secret object #240

Open
diranged opened this issue Nov 23, 2020 · 0 comments
Open

Support for templating the final Secret object #240

diranged opened this issue Nov 23, 2020 · 0 comments

Comments

@diranged
Copy link

While dealing with argoproj-labs/argocd-notifications#107, I found that what I really wanted to do was be able to use the KMSSecret to encrypt the slack-token itself, but leave the templating of the final Secret object up to me. So in an ideal case, I'd do something like this:

apiVersion: secret.h3poteto.dev/v1beta1
kind: KMSSecret
metadata:
  name: mysecret
spec:
  region: us-west-2
  encryptedData:
    token: AQICAHjXjb32Y6TlYg+cmslx4ZbGqqzlAk+...+376w6fOCGsRRY2tfKWOQ==
  secretTemplate:
    notifiers.yaml: |
      slack:
        token: ${token}

This lets me control the final secret format and ensures that I am only trying to encrypt the secret bits of data - rather than me trying to encrypt some multiline piece of text to get around the fact that the argocd-notifications project has a bug (IMO).

Thoughts?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants