Storing api token in Secret instead of ConfigMap

Question

Storing api token in Secret instead of ConfigMap

javefang opened this issue 6 years ago · 4 comments

The .Values.arrays contains both non-sensitive data like management endpoint and also sensitive data like api token. Ideally credentials like api token should be stored as Secret instead of ConfigMap.

Answer 1 · 2019-03-19T18:27:16.000Z

I agree, api tokens need to be secured.

Would this (https://developer.epages.com/blog/tech-stories/kubernetes-deployments-with-helm-secrets/) be a possible solution ?

@javefang suggestions are welcome !

Answer 2 · 2019-03-19T18:41:53.000Z

@javefang are you saying you just want the API token to be in a secret, but still visible in the values.yaml file, or do you want to obfuscate in the YAML as well?

Answer 3 · 2019-03-19T21:17:53.000Z

@taherv @sdodsley, I think for the scope of this chart, just moving the api token from ConfigMap to Secret will suffice.

How to obfuscate the value from the values.yaml file can be left to user to solve. (E.g. helm secrets looks good)

Answer 4 · 2019-03-20T16:33:19.000Z

I've submitted a PR as a potential solution for review :)