Kubernetes-secret operator #336
Comments
|
hi @LucasSegersFabro, we're considering it (others have requested it as well) but I also have some philosophical misgivings at the moment. Currently my raw thoughts are this:
essentially, I'm currently hesitant to get into the kubernetes external secrets controller because I see it mainly as a mechanism to interact with non-open non-agnostic vaulting systems. what if you just shipped your .env.vault file with your code on kube? and just set a single DOTENV_KEY env/secret in kube? welcome all thoughts here. my thoughts are developing here and I really do not know kube well. |
|
hey @motdotla , I completely understand maybe you'd want a plug and play controller for a "premium tier", since it would poll from your servers if customers want it really hard as for me things would work fine if I use the versioned file as the source of truth (given that we always remember to pull/commit it). the only hassle would be that I'd need an environment with nodejs to use the cli (and decrypt the file). Maybe if it was shipped with static-linked binaries (like with golang) this would be a non-issue feel free to close the issue if needed, since I can easily work around it |
yeah, dotenvx is/has solved that problem. increasingly, moving development efforts towards it and probably will coalesce dotenv-vault towards it as well |
Hey!
I love dot-env vault and I was wondering if there are any considerations for an auto sync solution for a kubernetes cluster.
Main use case:
Something like external-secrets controller that has a well-stabilished API and implementations for different providers
Probably the controller would have to poll each configured secret for changes and pull them if needed, so maybe it's not something you'd want to enable for everyone at the same time (even though I guess that the majority of calls would be polling for the latest version)
Thanks :)
The text was updated successfully, but these errors were encountered: