Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve secret handling #34

Open
benbz opened this issue Oct 17, 2022 · 0 comments
Open

Improve secret handling #34

benbz opened this issue Oct 17, 2022 · 0 comments

Comments

@benbz
Copy link
Member

benbz commented Oct 17, 2022

Currently we have

createSecret: true
JICOFO_AUTH_PASSWORD: ""
JICOFO_COMPONENT_SECRET: ""
JVB_AUTH_PASSWORD: ""

With either requires an external secret to be created/managed or those 3 values to be provided with secrets. #6 did this because we were getting in situations where the secrets were changing every deploy but only some deployables were being restarted (and so picking up the new secret values) leading to situations where the running deployables were using different password values.

Look at https://helm.sh/docs/topics/charts_hooks/ to see if that will help with secret generation inside the chart again. But more generally we should look at specifying a secret name & key that contains these values, e.g. the Bitnami redis chart has:

Value Description Default
auth.password Redis® password ""
auth.existingSecret The name of an existing secret with Redis® credentials ""
auth.existingSecretPasswordKey Password key to be retrieved from existing secret ""

Using the above scheme we could generate a password on initial install only if neither of the top 2 is set

This will be important if we want to do #29 or #30.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@benbz