Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Controller-side secret decryption at bundle preprocessing via vals #2407

Open
rajiteh opened this issue May 3, 2024 · 0 comments
Open

Feature Request: Controller-side secret decryption at bundle preprocessing via vals #2407

rajiteh opened this issue May 3, 2024 · 0 comments
Labels
kind/enhancement

Comments

@rajiteh
Copy link
Contributor

rajiteh commented May 3, 2024

Is your feature request related to a problem?

Certain input values for a release defined in a fleet.yaml can contain sensitive data that should not be commited to git. A safer strategy would be to specify a reference to the secret in the fleet yaml for readability but resolve it from a secure location at run time.

Solution you'd like

Ability for the fleet controller to parse and decrypt secret references in the fleet.yaml at deploy time when it's preparing bundles. A generic secret processing backend such as https://github.com/helmfile/vals is idea for this as it supports configuration via environment variables.

Then the fleet controller deployment needs to be enriched with the required environment variables for vals library to resolve secrets from the appropriate backends. (https://github.com/helmfile/vals?tab=readme-ov-file#supported-backends)

Alternatives you've considered

No response

Anything else?

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement
Projects
Fleet
Status: 🏗 In progress
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rajiteh