Open hank-rplp opened 3 years ago
@hank-rplp The current IAM k8s operator does not support the secure vault feature, which WSO2 servers use to encrypt configuration files.
You need to enable secure vault in the product and manage the secure vault password after the deployment.
WSO2 IAM supports HashiCorp Vault.
https://medium.com/@sandunin/external-vault-support-for-wso2-carbon-configurations-1-718d121d19d8
Description: I'm looking into using the wso2is-operator as described here, but have run into some administrative issues.
In the environment I am working currently, all the k8s configurations must be committed to a Git repository. The ArgoCD operator will then pull the repo for new yaml configs and apply them to the cluster.
Secret information such as certificates, keys, credentials and similar can be committed to the Git repo safely by using sealed secrets.
The wso2is-operator introduces the new custom resource definition:
Since this is not a secret, it cannot be sealed as a sealed secret, and since the Wso2Is object will contain various passwords and other secret data, it cannot be added to the Git repository as is.
Is there any suggested solution to this problem?
Suggested Labels:
Git, WSO2, IS, WSO2-IS, secret, security
Affected Product Version: 5.11.0
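As an added example (not part of the issue or of the wso2is-operator project), a heuristic pre-commit or CI check for the GitOps setup described above: it flags literal secret-looking values in any manifest document that is not a SealedSecret, such as a custom resource. The Wso2Is `apiVersion` and field names in the sample are constructed placeholders, and the key-name patterns and reference syntax are assumptions.

```python
import re

# Heuristic key names that usually carry secret material (assumption).
SECRET_KEY = re.compile(r"(password|passwd|secret|token|private_?key)", re.I)
# Kinds whose payload is already encrypted and therefore safe to commit.
SAFE_KINDS = {"SealedSecret"}
# Values that only reference a secret, e.g. ${VAR} or $secret{alias} (assumed syntax).
REFERENCE = re.compile(r"^\$\w*\{[^}]*\}$")
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([\w.\-]+):\s*(.*)$")

# Constructed sample: one sealed secret and one custom resource with an inline password.
SAMPLE = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
spec:
  encryptedData:
    password: AgB-constructed-ciphertext
---
apiVersion: example.invalid/v1
kind: Wso2Is
metadata:
  name: identity-server
spec:
  keystorePassword: changeit-constructed
  adminPassword: ${ADMIN_PASSWORD}
"""

def find_plaintext_secrets(manifest_text):
    """Return (kind, line_no, key) for each literal secret outside SAFE_KINDS."""
    findings, pending, kind = [], [], None
    # A trailing "---" forces the last document to be flushed.
    for line_no, line in enumerate(manifest_text.splitlines() + ["---"], 1):
        if line.strip() == "---":
            if kind not in SAFE_KINDS:
                findings += [(kind, n, k) for n, k in pending]
            pending, kind = [], None
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue
        key = m.group(1)
        value = re.sub(r"(^|\s)#.*$", "", m.group(2)).strip().strip("'\"")
        if key == "kind" and not line[0].isspace():
            kind = value                      # top-level kind of this document
        elif SECRET_KEY.search(key) and value and not REFERENCE.match(value):
            pending.append((line_no, key))    # decided when the document ends
    return findings

if __name__ == "__main__":
    for kind, line_no, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: {kind} has literal value for '{key}'")
```

The scan is line-based rather than a full YAML parse, so it can miss secrets under unusual key names and can flag harmless keys that merely contain words like "secret".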