Currently we are embedding secrets required by different github actions into the repositories. When the actions run the secrets are loaded to the environment, where the scripts can then access and use them.
As we start to expand and have the use for more secrets we should move the storage of the secrets to a service like vault. There are two options in terms of which vault to use. There is a vault that comes with our openshift namespace, however should also have a conversation with one team to find out about whether the vault service they provide could provide us with more configuration options.
This ticket will provide the following documentation:
how to populate a secret into vault
how to access secrets in vault
how we will cycle the vault tokens
The ticket will also migrate how we use secrets in all the other RFC repositories:
Currently we are embedding secrets required by different github actions into the repositories. When the actions run the secrets are loaded to the environment, where the scripts can then access and use them.
As we start to expand and have the use for more secrets we should move the storage of the secrets to a service like vault. There are two options in terms of which vault to use. There is a vault that comes with our openshift namespace, however should also have a conversation with one team to find out about whether the vault service they provide could provide us with more configuration options.
This ticket will provide the following documentation:
The ticket will also migrate how we use secrets in all the other RFC repositories: