Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License

Subscription Id and Tenant Id into Secret #111

Open TsuyoshiUshio opened 5 years ago

TsuyoshiUshio commented 5 years ago

Describe the request

The current YAML file requires the SubscriptionId and Tenant Id to be in the YAML file. I'd like to find a way not to include them in the YAML file.

Explain why Key Vault FlexVolume needs it

The YAML file is sometimes shared on GitHub. SubscriptionId and TenantId are pretty sensitive. I hope they are not included in a YAML file. I said secret; however, if the objective is achieved, I don't care how it is solved.

Describe the solution you'd like

You can get the value from the secret.

Describe alternatives you've considered

I can't come up with any.

Additional context

Nothing

nmiodice commented 4 years ago

Also interested in this. What is the best practice for swapping these values based on stage (i.e., dev, prod)?

timja commented 4 years ago

> Also interested in this. What is the best practice for swapping these values based on stage (i.e., dev, prod)?

subscriptionId is optional and tenantId is often fairly static; we just hardcode it as we only have one tenant that we deploy to.

nmiodice commented 4 years ago

We deploy dev and prod to different subscriptions. Would be great to swap these out by stage, along with the keyvaultname.

timja commented 4 years ago

> We deploy dev and prod to different subscriptions. Would be great to swap these out by stage, along with the keyvaultname

Then this doesn't apply? Subscription id doesn't do anything any more; it's just ignored.

aelmanaa commented 4 years ago

Why is tenantid needed? Especially if we use pod identities: the managed resource which the pod refers to is already part of a tenant. Seems redundant to repeat "tenantid" in the specifications of the pod.

ElYusubov commented 3 years ago

I am also interested to see how sub and tenant Id info could be protected. Please provide secret support.

aramase commented 3 years ago

Hey everyone,

Thanks for the feedback!

AKV Provider for Secrets Store CSI Driver is the next generation of this flexvol solution/repo. Please start using the secrets store csi driver as this solution has been deprecated.