argoproj-labs / argocd-autopilot

Argo-CD Autopilot
https://argocd-autopilot.readthedocs.io/en/stable/
Apache License 2.0

Argocd-autopilot should persist secrets to git #46

Open oren-codefresh opened 3 years ago

oren-codefresh commented 3 years ago

Can be sealed-secret, kubernetes-external secrets

pmcjury commented 3 years ago

sops or whatever. It would be nice to have a plugin type secret manager where we could specify the provider i.e. sealed-secret, vault, sops, etc.

--secret-provider sops

The hard part would be supporting all kinds of providers. Ones we could import like sops or anything written in go with a decent lib wouldn't be hard, but anything else where we would shell out could be hard.

myspotontheweb commented 2 years ago

There is a vault plugin available for ArgoCD now

https://argocd-vault-plugin.readthedocs.io/en/stable/

How you'd use this would be application specific; I don't see how auto-pilot adds any value here. Just configure the Kustomize configuration to generate the appropriate YAML and let the ArgoCD plugin substitute the secret value.

The same logic applies to using sealed secrets or kubernetes-external, I think. I'm interested in what specific secrets you think auto-pilot should be generating?

nwmcsween commented 2 years ago

My vote would be for something using agebox due to dependencies, and secrets outside of gitops sort of breaks gitops.