uswitch / vault-creds

Sidecar container for requesting dynamic Vault database secrets
Apache License 2.0
84 stars, 14 forks

Add support for multiple secrets #23

Open aklinkert opened 5 years ago

aklinkert commented 5 years ago

First of all, I think this project is doing an awesome job and heads in the right direction. As already stated in #19, most people are gonna use more than the database secret engine, and so does my current client, since we need to generate AWS credentials as well as pure database credentials on Aurora MySQL. This breaks the current state of this project down into multiple options:

1) Run two different init containers, one for the AWS credentials and one for the MySQL credentials, then merge the two lease and token files and run a sidecar renewing both of them, or
2) Refactor the current code to support multiple secrets, or
3) Use a different tool.

I'd like to go with option 2 and will have a deeper look into the code asap. Any thoughts on this one?
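The single-sidecar shape of option 1 (merge the lease files written by two init containers, then have one process keep both leases renewed), sketched as an added Go example. This is not vault-creds code: the lease-file format, the lease IDs and the `Renewer` interface are assumptions made for the example, and a fake renewer stands in for Vault so it runs offline; a real sidecar would call Vault's lease-renew endpoint instead.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Lease is the record an init container writes after requesting a secret.
// Field names and lease IDs are assumptions for this example; only
// lease_duration (seconds) mirrors what Vault itself reports.
type Lease struct {
	Engine   string `json:"engine"`         // "database" or "aws"
	LeaseID  string `json:"lease_id"`
	Duration int    `json:"lease_duration"` // seconds remaining
}

// Renewer abstracts the Vault lease-renew call so the scheduling logic can
// run offline; a real sidecar would wrap the Vault client's renew method.
type Renewer interface {
	Renew(ctx context.Context, leaseID string) (newDurationSeconds int, err error)
}

// Constructed lease files, standing in for the output of two init containers.
var (
	sampleDBLease  = []byte(`{"engine":"database","lease_id":"database/creds/app/1","lease_duration":3600}`)
	sampleAWSLease = []byte(`{"engine":"aws","lease_id":"aws/creds/app/2","lease_duration":1800}`)
)

// MergeLeaseFiles combines several single-lease files into one list and
// rejects duplicates, so one sidecar never renews the same lease twice.
func MergeLeaseFiles(files ...[]byte) ([]Lease, error) {
	seen := make(map[string]bool)
	var merged []Lease
	for _, f := range files {
		var l Lease
		if err := json.Unmarshal(f, &l); err != nil {
			return nil, fmt.Errorf("parse lease file: %w", err)
		}
		if l.LeaseID == "" {
			return nil, errors.New("lease file has no lease_id")
		}
		if seen[l.LeaseID] {
			return nil, fmt.Errorf("duplicate lease %q", l.LeaseID)
		}
		seen[l.LeaseID] = true
		merged = append(merged, l)
	}
	return merged, nil
}

// RenewAfter returns how long to wait before the next renewal attempt: a
// fraction of the lease duration, leaving room to retry before expiry.
func RenewAfter(durationSeconds int, fraction float64) time.Duration {
	if durationSeconds <= 0 {
		return 0
	}
	return time.Duration(float64(durationSeconds) * fraction * float64(time.Second))
}

// RenewAll renews every lease concurrently and returns failures keyed by lease
// ID, so a rejected AWS renewal does not stop the MySQL lease being renewed.
func RenewAll(ctx context.Context, r Renewer, leases []Lease) map[string]error {
	var (
		mu     sync.Mutex
		wg     sync.WaitGroup
		failed = make(map[string]error)
	)
	for _, l := range leases {
		wg.Add(1)
		go func(l Lease) {
			defer wg.Done()
			if _, err := r.Renew(ctx, l.LeaseID); err != nil {
				mu.Lock()
				failed[l.LeaseID] = err
				mu.Unlock()
			}
		}(l)
	}
	wg.Wait()
	return failed
}

// fakeRenewer stands in for Vault so the example runs offline; IDs listed in
// "fail" simulate a renewal the server rejects (expired lease, revoked token).
type fakeRenewer struct{ fail map[string]bool }

func (f fakeRenewer) Renew(_ context.Context, id string) (int, error) {
	if f.fail[id] {
		return 0, errors.New("permission denied")
	}
	return 3600, nil
}

func main() {
	leases, err := MergeLeaseFiles(sampleDBLease, sampleAWSLease)
	if err != nil {
		panic(err)
	}
	r := fakeRenewer{fail: map[string]bool{"aws/creds/app/2": true}}
	for id, err := range RenewAll(context.Background(), r, leases) {
		fmt.Printf("renewal failed for %s: %v\n", id, err)
	}
	for _, l := range leases {
		fmt.Printf("%s: next renewal in %s\n", l.LeaseID, RenewAfter(l.Duration, 0.5))
	}
}
```

Renewing each lease independently and reporting failures per lease ID is the point: with two engines behind one sidecar, a denied or expired AWS lease should surface as its own error and be retried on its own schedule rather than taking the database credentials down with it.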

Joseph-Irving commented 5 years ago

Hi,

So we currently have a few pods that require access to multiple DBs, and we have just run a vault-creds container for each. This hasn't been much of an issue for us as we automate the addition of vault-creds containers, but I appreciate this could become a bit of a mess if you need a lot of different secrets from Vault.

It would be great if people would like to contribute this, but I would like to get this repo into a better state first. The code has grown fairly large and cumbersome as what was originally a very basic thing got various new functions bolted onto it; it also doesn't have any tests, so reviewing external PRs is tricky.

I started refactoring all the code in a branch, breaking it up, adding some tests, etc. Sadly I have not got around to finishing it though, so I'll try and get that all done to make this much more pleasant to contribute to.