Secret Management for Sub-Clusters #192

lb4368 · 2021-07-02T14:33:58Z

Problem description
Currently all encrypted secrets such as CAs, ssh keys, Dex client secrets, etc. are managed as part of the management cluster. As sub-clusters are added to multi-tenant sites, there needs to be a mechanism to manage secrets specific to individual sub-clusters.

Proposed change

Provide a mechanism to generate and encrypt secrets specific to an individual sub-cluster.
Provide a mechanism to provide external secrets specific to an individual sub-cluster.
All secrets must be encrypted at rest and encryption key for sub-cluster may be the same or different from one used in management cluster.

lb4368 added enhancement New feature or request triage 2-Manifests Relates to manifest/document set related issues labels Jul 2, 2021

jezogwza removed the triage label Jul 14, 2021

jezogwza added the priority/low Items that are considered non-critical for functionality, such as quality of life improvements label Jul 14, 2021

jezogwza added this to the Future milestone Jul 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secret Management for Sub-Clusters #192

Secret Management for Sub-Clusters #192

lb4368 commented Jul 2, 2021

Secret Management for Sub-Clusters #192

Secret Management for Sub-Clusters #192

Comments

lb4368 commented Jul 2, 2021