Detailed description
It would be nice if secrets were supported as a first-class resource. They could be generated and stored, then used to create/access the resource and be passed around securely as well as the platform supports and stop writing them to state/config files. e.g. docker-compose output snippet
Context
secure deployment and configuration and stop secrets getting written into files and environments
Possible implementation
using docker(-compose) secrets/k8s secrets a secret could be created
Then used to create and protect the resource
And then used to access the resource.
Additional information
No response
Currently secret outputs from resources being injected into envvars and file mounts are handled by the Score implementations themselves.
E.g. score-k8s will expect the secret to be present in a Kubernetes Secret and then, if this is used in an env var or file, will use projected volumes or K8s-specific tools to securely mount the secret.
We didn't do this in score-compose because the docker secrets require swarm mode.
It's a good question whether there is a generalisable way of doing this that we could pull into the spec itself. It may be tricky since different runtimes support different interpolations, mount strategies, content lengths, and structures so it may not be possible.
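The Kubernetes side of what the comment above describes, as an added example that is not score-k8s output or code from this thread: a Pod that takes a value from an existing Kubernetes Secret by reference, once as an env var and once as a projected-volume file, next to the inline literal it replaces. The Secret name `db-credentials`, its key `password`, the image and the mount path are assumptions.

```yaml
# Constructed example; every name here (app, example/app:1.0, db-credentials,
# password, /run/secrets/db) is hypothetical.
# Assumes the Secret "db-credentials" already exists in the namespace.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: example/app:1.0
      env:
        # Weak form, shown commented out: the value itself lands in the
        # manifest and in any state or config file that stores the manifest.
        # - name: DB_PASSWORD
        #   value: "constructed-sample-value"
        #
        # Reference form: the manifest carries only the Secret name and key.
        # The value is still visible in the container's process environment.
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
      volumeMounts:
        # File form: the value is exposed only as a read-only file.
        - name: creds
          mountPath: /run/secrets/db
          readOnly: true
  volumes:
    - name: creds
      projected:
        defaultMode: 0400   # readable by the file owner only
        sources:
          - secret:
              name: db-credentials
              items:
                - key: password
                  path: password   # appears as /run/secrets/db/password
```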