search

mojaloop / design-authority-project

This is the Issue and Decision Log for tracking mojaloop and related Designs
1 stars 2 forks source link

Guidiance on feat(mojaloop/3082): Utilise externalised secrets for password management #98

Closed mdebarros closed 1 year ago

mdebarros commented 1 year ago

Request Summary:

As part of story 'feat(mojaloop/#3082): Utilise externalised secrets for password management', we are externalising all password management (i.e. secrets) by adding support in the Mojaloop Helm Charts to reference an externalised secret definition within Kubernetes.

We have two approaches here:

  1. Support both clear password configuration (as-is) and externalised secret reference (to-be) with this overriding the clear password config. This is generally the standard approach taken by the wider Helm community.
  2. ONLY support externalised secret reference (to-be) with there being NO option to set a clear password. This would mean that deployers of Mojaloop would HAVE to create prior to deploying Mojaloop or utilise an existing secret. The idea being here that we would FORCE Mojaloop deployers to ALWAYS adhere to best practices.

Request Details:

A decision on one of the two approaches.

Artifacts:

Dependencies:

Accountability:

Decision(s):

Decision by DA on 2023-02-15

Approved By: All attending DA members on DA Meeting held on 2023-02-15

Details

Follow-up:

- [ ] Actions to implement the decisions
mdebarros commented 1 year ago

Decision by DA on 2023-02-15