Use a secret for logical backup credentials

stgrace commented 2 years ago

Is it possible at the moment to use a secret for logical backup credentials? Reason why I am asking is because we setup the postgres operator and its config using flux, which means that all the config is stored in git. We can hardly store the credentials in the configmap in clear text in git.

For physical backups it is already possible to use secrets with credentials in there, it would make sense in my opinion to do the same for logical backups?

Please, answer some short questions which should help us to understand your problem / question better?

Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.6.2
Where do you run it - cloud or metal? Kubernetes or OpenShift? Any platform [AKS, EKS, bare metal, OpenShift,...]
Are you running Postgres Operator in production? [yes ]
Type of issue? feature request

stgrace commented 2 years ago

Should be fixed in #1669

coman3 commented 2 years ago

Other option is to use sealed secrets, a great guide on this can be found here: https://blog.sighup.io/sealed-secrets-in-gitops/

stgrace commented 2 years ago

Other option is to use sealed secrets, a great guide on this can be found here: https://blog.sighup.io/sealed-secrets-in-gitops/

Sealed secrets would not solve this. All it does is decrypt a sealed secret into a k8s secret, so it would still not work

zalando / postgres-operator

Use a secret for logical backup credentials #1653