Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3988

[RFE] Support the External Secret Operator

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • GitOps, Pipelines
    • None
    • False
    • None
    • False
    • Not Selected

      What problem/issue/behavior are you having trouble with? What do you expect to see?
      We would like to have a Red Hat supported version of the External Secret Operator [1].

      The reason is that secret management is crucial for our Production environments as we are using a Gitops,
      and we like the approach of the External Secret Operator as we believe is less invasive that other options such as Hashicorp Vault or CSecrets Store CSI Driver, but currently is just an Open Source project, and we would like Red Hat to support it.

      We think is the only missing piece to have a fully supported and secure CI/CD Gitops workflow, in combination with OpenShift Gitops, and OpenShift Pipelines.

      A second reason related to the first is because SSCSID needs a pod webhook to really have it work well. You can not easily use SSCSID secrets to reference them in ingress, or dockerconfig for pulling images, since a goal can be just to mount to a pod. Even if you want to enable k8s secret sync, you need to first mount the secret to a pod to sync it. This means it can not always (easily) be used as a drop-in replacement.

       

      What is the business impact? Please also provide timeframe information.
      The reason is that secret management is crucial for our Production environments as we are using a Gitops, and we like the approach of the External Secret Operator as we believe is less invasive that other options such as Hashicorp Vault or CSecrets Store CSI Driver, but currently is just an Open Source project, and we would like Red Hat to support it.

      We think is the only missing piece to have a fully supported and secure CI/CD Gitops workflow, in combination with OpenShift Gitops, and OpenShift Pipelines.

      [1] https://external-secrets.io/v0.8.1/

              rh-ee-npng Nick Png
              rhn-support-vmedina1 Victor Medina
              Votes:
              30 Vote for this issue
              Watchers:
              56 Start watching this issue

                Created:
                Updated:
                Resolved: