You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem description:
It is not advisable to store secrets in a simple relational database where it can be easily retrieved.
Solution description:
Spring Cloud Data Flow and Skipper need to be able to retrieve secrets and configuration values from more than one location depending on deployment configuration. As an example you can have Kubernetes Secrets or ConfigMaps accessible in the namespace where SCDF is deployed and you can have a Spring Cloud Config Server.
The user should be able to provide a spel expression that is evaluated to retrieve the relevant value for a property or environmental variable.
In the case of providing a value to an environmental variable and the deployment is on Kubernetes it is possible to reference secrets value by name and key.
The Spel expression need to provide unambiguous information on which method to use and what to retrieve.
We need to decide how Dataflow is going to choose to evaluate the Spel expression and not passed to the application as the value of the property/environmental variable. A suggestion is that those be surrounded by ' or prefixed with a \
Options to consider:
property=#{System.env['ENV_VAR_NAME']}
property=#{k8s.secrets['SECRET_NAME']}
property=#{k8s.secrets['SECRET_NAME'].key}
property=#{config.property.name}
property=#{config['application'].property.name}
Dataflow will use Environment or a specific PropertyResolver to retrieve the relevant property value.
The text was updated successfully, but these errors were encountered:
Problem description:
It is not advisable to store secrets in a simple relational database where it can be easily retrieved.
Solution description:
Spring Cloud Data Flow and Skipper need to be able to retrieve secrets and configuration values from more than one location depending on deployment configuration. As an example you can have Kubernetes Secrets or ConfigMaps accessible in the namespace where SCDF is deployed and you can have a Spring Cloud Config Server.
The user should be able to provide a spel expression that is evaluated to retrieve the relevant value for a property or environmental variable.
In the case of providing a value to an environmental variable and the deployment is on Kubernetes it is possible to reference secrets value by name and key.
The Spel expression need to provide unambiguous information on which method to use and what to retrieve.
We need to decide how Dataflow is going to choose to evaluate the Spel expression and not passed to the application as the value of the property/environmental variable. A suggestion is that those be surrounded by ' or prefixed with a \
Options to consider:
property=#{System.env['ENV_VAR_NAME']}
property=#{k8s.secrets['SECRET_NAME']}
property=#{k8s.secrets['SECRET_NAME'].key}
property=#{config.property.name}
property=#{config['application'].property.name}
Dataflow will use
Environment
or a specificPropertyResolver
to retrieve the relevant property value.The text was updated successfully, but these errors were encountered: