Support both clear password configuration (as-is) and externalised secret reference (to-be) with this overriding the clear password config. This is generally the standard approach taken by the wider Helm community.
ONLY support externalised secret reference (to-be) with there being NO option to set a clear password. This would mean that deployers of Mojaloop would HAVE to create prior to deploying Mojaloop or utilise an existing secret. The idea being here that we would FORCE Mojaloop deployers to ALWAYS adhere to best practices.
Request Details:
Deadline: 2023-02-15
Impact (Teams): Possiby extra effort required depending on the decision.
Impact (Components): Possiby extra effort required depending on the decision.
Support both clear password configuration (as-is) and externalised secret reference (to-be) with this overriding the clear password config. This is generally the standard approach taken by the wider Helm community.
All clear-type passwords in the Mojaloop charts should be "cleared" and set to an empty string
Request Summary:
As part of story 'feat(mojaloop/#3082): Utilise externalised secrets for password management', we are externalising all password management (i.e. secrets) by adding support in the Mojaloop Helm Charts to reference an externalised secret definition within Kubernetes.
We have two approaches here:
Request Details:
A decision on one of the two approaches.
Artifacts:
Dependencies:
Accountability:
Decision(s):
Decision by DA on 2023-02-15
Approved By: All attending DA members on DA Meeting held on 2023-02-15
Details
Follow-up: