[X] I've searched for similar issues and couldn't find anything matching
[X] I've discussed this feature request in the K8sGPT Slack and got positive feedback
Is this feature request related to a problem?
Yes
Problem Description
I am frustrated trying to add a sink whose endpoint contains an API Key that should remain a secret. I believe there is a security risk associated with saving endpoints that might contain secrets as plaintext strings in the CR, such as the Slack webhook URL, for example.
Solution Description
I think the best solution would be to add a field in the Sink type for a secret. The creator of the sink can then determine how to use this secret to build their request in the configure method.
Let's consider a hypothetical Telegram bot as a sink. Requests to the Telegram API are presented in the form https://api.telegram.org/bot<token>/METHOD_NAME. The https://api.telegram.org/bot could be stored in the endpoint field, and the token stored as the secret. The full URL could then be assembled in the configure method.
Benefits
Allows users to create sinks with secrets. Additionally, it allows users to create sinks where authentication is separate from the endpoint. For example, authentication that can be passed via headers instead of being inherently tied to the endpoint.
Potential Drawbacks
No response
Additional Information
I would be happy to work on this
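The split proposed above (endpoint stored in the CR, token held separately, URL or header assembled at configure time), written in Go as an added example. It is not code from the issue or from K8sGPT; `SinkConfig`, `TelegramRequest`, `HeaderRequest` and `Redact` are hypothetical names, and the token is a constructed value.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// SinkConfig is hypothetical: Endpoint may sit in the CR, Secret is resolved at runtime.
type SinkConfig struct {
	Endpoint, Secret string
}

// TelegramRequest assembles <endpoint><token>/<method> from the two fields.
func TelegramRequest(c SinkConfig, method string) (*http.Request, error) {
	if c.Secret == "" {
		return nil, fmt.Errorf("sink secret is empty")
	}
	u := c.Endpoint + url.PathEscape(c.Secret) + "/" + url.PathEscape(method)
	req, err := http.NewRequest(http.MethodPost, u, nil)
	if err != nil {
		return nil, fmt.Errorf("invalid sink URL for endpoint %q", c.Endpoint) // never echo u
	}
	return req, nil
}

// HeaderRequest keeps the secret out of the URL and sends it as a header.
func HeaderRequest(c SinkConfig) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodPost, c.Endpoint, nil)
	if err == nil {
		req.Header.Set("Authorization", "Bearer "+c.Secret)
	}
	return req, err
}

// Redact masks the secret in text destined for logs or error messages.
func Redact(c SinkConfig, s string) string {
	if c.Secret == "" {
		return s
	}
	return strings.ReplaceAll(s, c.Secret, "<redacted>")
}

func main() {
	c := SinkConfig{Endpoint: "https://api.telegram.org/bot", Secret: "CONSTRUCTED-TOKEN-123"}
	if req, err := TelegramRequest(c, "sendMessage"); err == nil {
		fmt.Println(Redact(c, req.URL.String()))
	}
}
```

`Redact` matches the raw secret, so a secret containing characters that `url.PathEscape` rewrites would need its escaped form masked as well.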