Open maqiuyujoyce opened 4 years ago
Hi. I think this project might be relevant/helpful: https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
Project description: Google Secret Manager provider for the Secret Store CSI Driver. Allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods.
It can sync Secret Manager secrets into Kubernetes Secrets as well (and keep them updated).
More info: https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html
See the example here: https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp/issues/37#issuecomment-678833504
Hi @mikelnrd, thanks for sharing the project. This looks helpful for the use case described in this issue.
Per @kozejonaz in this comment:
I see that versions seem to be supported now, which is very cool. However, and this should probably be a separate issue/question, but do you have plans on making it possible to get secrets directly from Secret Manager to avoid having the secret as a k8s-object at all? Use-case: when creating a SQLUser you could fetch from Secret Manager directly to avoid creating a k8s Secret. I know you have projects like https://github.com/GoogleCloudPlatform/berglas that you could use as a sidecar etc., but it would be interesting to hear if you've considered this (if it's feasible/makes sense that is).