Closed lottspot closed 7 years ago
The best solution to solve this problem will be to store such credentials as kubernetes secrets which are exposed to the requiring container as environment variables.
This is a solved problem at this point. Kubernetes has a dedicated resource type for secrets, which can be exposed to containers as environment variables. We can store the secrets in the ops git repository by encrypting them with blackbox.
There is some shared infrastructure which it would be in our interest to deploy (e.g., shared databases). Project-specific access to such shared resources would obviously require the creation and distribution of credentials.