  1. Open Education IIIT Bangalore
  2. OEIIITB-22

Read Secrets from Disk as well as from Env

    • Type: Story
    • Resolution: Unresolved
    • Priority: Medium
    • Argo Sprint 1

      Implement the upstream enhancement
      https://github.com/argoproj/argo-cd/issues/20619

      Summary

      Today, secrets such as REDIS_USERNAME are only readable via os.Getenv(), which means we cannot mount secrets from disk.
      For some

      Motivation

      Within some environments I work in, we can only mount secrets from disk, following Gatekeeper policies. This means that today I cannot run argocd in these environments, as the rules around this block me.

      Proposal

      Where we are reading secrets today we could either:

        • Give the env var an alternative _FILEPATH and read the file from there
        • Have a config file which can be read from using a tool like viper to give users the option.

      Potential additional benefits are that when secrets change (such as a redis password rotation) the change can be automatically picked up without needing a pod restart.

      Notes

      I am happy to start implementing this if people agree; it's more an RFP before putting in the work.

              rh-ee-anjoseph Anand Francis Joseph
              Yash Talele
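
A sketch of the first option in the proposal (an alternative `_FILEPATH` variable), added here as an example; it is not Argo CD's code or the upstream implementation. `LookupSecret`, the size limit, and the rules that the file takes precedence and that an unreadable file is an error are assumptions; only the `_FILEPATH` suffix and `REDIS_USERNAME` come from the issue.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

// maxSecretBytes bounds how much is read from a secret file (assumed limit).
const maxSecretBytes = 64 * 1024

// LookupSecret (hypothetical helper) resolves a secret by name. If NAME_FILEPATH
// is set, the file is read on every call, so a rotated mounted secret is picked
// up without a restart. Otherwise it falls back to the NAME environment variable.
func LookupSecret(name string) (string, error) {
	if path, ok := os.LookupEnv(name + "_FILEPATH"); ok && path != "" {
		f, err := os.Open(path)
		if err != nil {
			// Fail closed: do not silently fall back to the env var.
			return "", fmt.Errorf("%s_FILEPATH: %w", name, err)
		}
		defer f.Close()
		data, err := io.ReadAll(io.LimitReader(f, maxSecretBytes+1))
		if err != nil {
			return "", fmt.Errorf("%s_FILEPATH: %w", name, err)
		}
		if len(data) > maxSecretBytes {
			return "", fmt.Errorf("%s_FILEPATH: file larger than %d bytes", name, maxSecretBytes)
		}
		// A trailing newline added by an editor or echo is not part of the secret.
		return strings.TrimRight(string(data), "\r\n"), nil
	}
	if v, ok := os.LookupEnv(name); ok {
		return v, nil
	}
	return "", fmt.Errorf("neither %s nor %s_FILEPATH is set", name, name)
}

func main() {
	// Constructed demo value; with no _FILEPATH set the env var is used.
	os.Setenv("REDIS_USERNAME", "from-env")
	v, err := LookupSecret("REDIS_USERNAME")
	fmt.Printf("%q %v\n", v, err)
}
```

Error messages carry only the variable name and the OS error, never the secret value, so they are safe to log.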