mtricht
commented
3 years ago Probably a good start would be to use the sops go package instead of executing the binary, much like how Flux's kustomize-controller does. However, it does have the limitation you speak of, that is has one "global" KMS auth.
figure out how to best connect AWS/AKS/etc auth to App CR's service account so that each App CR does not get "global" KMS auth.