e-grigorov
commented
1 year ago First of all, I would like to emphasize that the Kanto container management doesn't pretend to be a K8s distribution. For that reason, many K8s features are not considered/out of scope. So far, the secrets weren't on the radar because of different OS/platform specific reasons:
- ensure the secure storage
- reuse of system dependent secure storages
- support for different formats like PKCS#11
- support for HSM, TPM etc.
- ensure no secrets leakage - no swap usage, special handling of the system hibernate etc.
- ...
How is this supposed to be working in Kanto conceptually?
Depends on the use case, different options can be used/combined:
- mount points - which can expose some files, note that the specific disk partitions can be encrypted
- environment variables
- container process arguments
k-gostev
Kanto seems to be missing a facility/feature to manage container secrets (e.g. environment variables, config files, certificates, ..).
Kubernetes has the concept of Secrets which are kept in an encrypted database and could have been updated during runtime via the API.
How is this supposed to be working in Kanto conceptually?