Support for composed secrets #169

Open
brizzbuzz opened this issue Aug 9, 2023 · 0 comments

Summary

Hey... if this is already possible sorry, could not figure out from the docs a way to do this.

What I would like to achieve is a way to leverage a credential across multiple secrets, with those secrets each containing that credential (among other details).

Use cases

My personal use case for this would be configuring ArgoCD repositories. This can be done declaratively using K8 manifests as follows:

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: git@github.com:argoproj/my-private-repository
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----

In this case, the only thing that I would like the 1Password operator to manage is the sshPrivateKey. Everything else, I would like to not only declare normally, but would like to be able to reuse the sshPrivateKey across many manifests.

At the moment, it seems like the only supported approach would be instead for me to create N 1Password entries (1 per repository), and store info like url within the 1Password secret.

Proposed solution

This is just spitballing, but perhaps something like this

apiVersion: onepassword.com/v1
kind: ConstructedOnePasswordItem
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: "git"
  url: "git@github.com:argoproj/my-private-repository"
1passwordStringData:
  sshPrivateKey: "vaults/Infrastructure/items/ArgoGitCreds/ssh_private_key"

Is there a workaround to accomplish this today?

Not that I'm aware of, and regardless this particular example is blocked on the inability to write to stringData as mentioned here #127

References & Prior Work

N/A
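
A sketch of how the composition proposed in this issue could be resolved, added here as an example; it is not code from the 1Password operator or from the issue author. The `1passwordStringData` key and the `vaults/<vault>/items/<item>/<field>` reference form follow the proposal above, while `parse_ref`, `compose_secret` and the `fetch_field` lookup are hypothetical names and the vault contents and repository URLs are constructed.

```python
# Added illustration: resolves the ConstructedOnePasswordItem shape proposed in
# this issue. The kind and the 1passwordStringData key are the issue's proposal,
# not an existing operator API; fetch_field is a hypothetical vault lookup.
import re

REF_RE = re.compile(r"vaults/([^/]+)/items/([^/]+)/([^/]+)")

def parse_ref(ref):
    """Split 'vaults/<vault>/items/<item>/<field>' into (vault, item, field)."""
    m = REF_RE.fullmatch(ref)
    if not m:
        raise ValueError(f"malformed 1Password reference: {ref!r}")
    return m.groups()

def compose_secret(resource, fetch_field):
    """Build a core/v1 Secret dict from literal keys plus vault-backed keys."""
    data = dict(resource.get("stringData", {}))
    refs = resource.get("1passwordStringData", {})
    clash = set(data) & set(refs)
    if clash:
        # A literal must never silently shadow (or be shadowed by) a vault value.
        raise ValueError(f"keys defined twice: {sorted(clash)}")
    for key, ref in refs.items():
        data[key] = fetch_field(*parse_ref(ref))
    meta = resource["metadata"]
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {k: meta[k] for k in ("name", "namespace", "labels") if k in meta},
        "stringData": data,
    }

# Constructed sample data: one vault item reused by several repository Secrets.
FAKE_VAULT = {("Infrastructure", "ArgoGitCreds", "ssh_private_key"): "<constructed-key>"}

def fake_fetch(vault, item, field):
    return FAKE_VAULT[(vault, item, field)]

def make_repo(name, url):
    """Return the proposed resource for one repository (constructed values)."""
    return {
        "metadata": {"name": name, "namespace": "argocd",
                     "labels": {"argocd.argoproj.io/secret-type": "repository"}},
        "stringData": {"type": "git", "url": url},
        "1passwordStringData": {
            "sshPrivateKey": "vaults/Infrastructure/items/ArgoGitCreds/ssh_private_key"},
    }

if __name__ == "__main__":
    for n in ("repo-a", "repo-b"):
        print(compose_secret(make_repo(n, f"git@example.com:org/{n}"), fake_fetch)["metadata"])
```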
