Currently we have dependencies on credentials files for ispyb and zocalo. These files are for our purposes opaque blobs that we pass to the ispyb-api and zocalo libraries, that contain a bunch of configuration as well as various credentials and may even refer to other files.
The way they are used effectively forces us to mount these directly in to the container with bind mounts, however the more proper way would be to use the secrets functionality, but this would require us to ideally have more bite-sized pieces of data.
We should discuss with the team what their plans are wrt. containerisation and migration of secrets.
Currently we have dependencies on credentials files for ispyb and zocalo. These files are for our purposes opaque blobs that we pass to the
ispyb-api
andzocalo
libraries, that contain a bunch of configuration as well as various credentials and may even refer to other files.The way they are used effectively forces us to mount these directly in to the container with bind mounts, however the more proper way would be to use the secrets functionality, but this would require us to ideally have more bite-sized pieces of data.
We should discuss with the team what their plans are wrt. containerisation and migration of secrets.