gravitee-io / issues

Gravitee.io - API Platform - Issues

Configuration files with sensitive data must be stored as secrets #7845

Closed sebastien-helbert closed 1 year ago

sebastien-helbert commented 2 years ago

:rainbow: Feature

Gravitee helm charts must store some configuration files in "Secrets" instead of "ConfigMap" to keep sensitive data safe.

:sunrise_over_mountains: Additional information

Detailed behaviour, rules or additional interesting stuffs...

helm install graviteeio-apim3x graviteeio/apim3 generates some ConfigMaps like graviteeio-apim3x-api and graviteeio-apim3x-gateway which contain sensitive information like credentials, OIDC configuration, etc.

Those config files should be stored in secrets.

:rocket:
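A check for the condition this issue describes, as an added example that is not part of the original thread or the Gravitee project: it reads the JSON produced by `kubectl get configmap -o json` and reports credential-like settings that carry a literal value inside embedded configuration files, without ever echoing the value. The key-name pattern and the sample ConfigMap contents are constructed assumptions.

```python
import json
import re

# Key names treated as sensitive: an assumption for this sketch, tune per deployment.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|credential|private[_-]?key)", re.I)
# A "key: value" or "key=value" line in an embedded file (optional YAML list dash).
KV_LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_.\-]+)\s*[:=]\s*(.*?)\s*$")

def audit_configmaps(kubectl_json):
    """Return (configmap, data_key, line_no, setting) for every credential-like
    setting that has a literal value. The value itself is never returned."""
    doc = json.loads(kubectl_json)
    items = doc.get("items", [doc])  # accept a List or a single object
    findings = []
    for item in items:
        if item.get("kind") != "ConfigMap":
            continue  # Secrets and other kinds are out of scope for this check
        name = item["metadata"]["name"]
        for data_key, content in (item.get("data") or {}).items():
            for line_no, line in enumerate(content.splitlines(), 1):
                if line.lstrip().startswith("#"):
                    continue  # commented-out setting
                m = KV_LINE.match(line)
                if not m:
                    continue
                setting, value = m.group(1), m.group(2).strip("'\"")
                if value and SENSITIVE_KEY.search(setting):
                    findings.append((name, data_key, line_no, setting))
    return findings

# Constructed sample: ConfigMap names come from the issue, file contents are invented.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"name": "graviteeio-apim3x-api"},
     "data": {"gravitee.yml": "management:\n  mongodb:\n    dbname: gravitee\n"
                              "    password: not-a-real-password\n# password: old\n"
                              "security:\n  providers:\n    - type: oidc\n"
                              "      clientSecret: not-a-real-secret\n"}},
    {"kind": "ConfigMap", "metadata": {"name": "graviteeio-apim3x-gateway"},
     "data": {"gravitee.yml": "ratelimit:\n  type: mongodb\n"}},
    {"kind": "Secret", "metadata": {"name": "ignored"}, "data": {"password": "eA=="}},
]})

if __name__ == "__main__":
    for finding in audit_configmaps(SAMPLE):
        print(*finding)
```

Any finding is a setting to move into a Secret, or to supply through an environment variable sourced from one.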

brasseld commented 2 years ago

Indeed, that could be an interesting option @sebastien-helbert

The other option (which is the one most of the users / customers / ourselves are relying on) is to define sensible configuration with environment variables which are defined from secrets.

sebdevaux commented 1 year ago

Hello @sebastien-helbert, thank you for your contribution! This is a good improvement; however, we won’t be able to merge it right now, as it will be a major change for our users. On our side, we are working on refactoring the gravitee.yml handling; the idea is to offer multiple solutions without breaking the actual process. So I think we can close this PR for now and maybe recheck it when the changes we have in progress are merged.