Secrets in config #21

Open
opened 2026-04-28 08:15:45 +10:00 by unkinben · 0 comments
Owner

Some remotes require secrets in the config yaml file. These secrets should be read from Kubernetes secrets or directly from vault.

Best option (support multiple maybe) would be to use the Kubernetes service account jwt to mint a token and read all secrets it needs into memory. We would need a way to put the vault path, or Kubernetes secret path, into a string in the username/password fields (and others).

Some remotes require secrets in the config yaml file. These secrets should be read from Kubernetes secrets or directly from vault. Best option (support multiple maybe) would be to use the Kubernetes service account jwt to mint a token and read all secrets it needs into memory. We would need a way to put the vault path, or Kubernetes secret path, into a string in the username/password fields (and others).
Sign in to join this conversation.
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/artifactapi#21