Closed yoomlam closed 1 year ago
Update:
The dev and prod stories are complete; there is just one more story to finish getting [HashiCorp Vault] ready for customer use (setting up onboarding, ArgoCD integration, and documentation for the most part). It's currently in work, so hopefully within the next sprint or two.
Usage demo on Feb 15th
Not yet released this week. Pushing it to next sprint or until online documentation is available.
Meeting with LHDI today to get started. I'll start creating a list of secrets currently in K8s so they can be automated.
Context: secrets etc. are stored in K8s and were created ad hoc, without supporting documentation. This directly impacts maintenance of VRO; it would be challenging to rotate credentials in the current state, for example. LHDI is in the process of providing HashiCorp Vault, which would provide a solution to manage credentials in a shared vault.
Notes from meeting with LHDI:
Need to test non-dev images. Blocked by SecRel-alerts.
VRO deployed to prod-test successfully.
Let's do this in Jan 2023. Dependent on LHDI providing the HashiCorp Vault.
Follow-on from #717, where a GitHub "machine user" account was created. Use LHDI's HashiCorp Vault for shared credentials for these accounts so that admins (Yoom), SecRel maintainer (Seth), and DevOps have access to the accounts.
Slack
Document Secrets in each env and connect to HashiCorp Vault
kind: Secret
files https://phoenixnap.com/kb/helm-environment-variables