[Feature Request] Reference API token from a kubernetes secret object

Question

[Feature Request] Reference API token from a kubernetes secret object

Opened this issue 5 years ago · 3 comments

Currently, the API token is specified as a string literal in PSOPlugin object in purestorage.com/v1.

Since we check in all cluster objects in a git repository, this would mean that we have to expose the token to everyone who has read permission to the repository. This is not very secure.

Kubernetes secret is designed for managing sensitive information, and there are many options to allow us to safely version control secrets in git in encrypted form.

Can we allow the token to be referenced as a, for example, v1.SecretKeySelector?

Answer 1 · 2020-04-02T12:13:57.000Z

@caryli-ps can we look into this?

Answer 2 · 2020-09-10T19:27:55.000Z

This just came up for us as well, we noticed that there was no way to get the API Token from a secret... It would require some restructuring, probably :(

Answer 3 · 2020-09-10T19:44:46.000Z

@TJM I believe we now hold these API tokens in a secret but are not held in a secret that can be accessed by the Helm chart. This is still an open RFE