-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for stringData in Opaque secrets #127
Comments
Discovered a new kubernetes application deployment that needs secrets with |
+1 SeldonCore needs this - Seldon docs here |
+1 I would say that the ArgoCD use case is a VERY valid reason to plan this work. Many companies are adopting ArgoCD for GitOps workflows. Please see the github ssh secret example from the ArgoCD Docs |
Tailscale operator also needs this 🙏 |
Hi there, I just deploy the following
and the secret generated is as follow:
Argocd doesn't care if your secret is of type |
I just spend way to much time trying to find out why cert-manager gave errors contacting the cloudflare api. It is because the 1password secret was not (and cant) be defined as stringData. Does not work apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
name: cloudflare-api-token
namespace: cert-manager
spec:
itemPath: "vaults/my-vault/items/cloudflare-api" Works apiVersion: v1
kind: Secret
metadata:
name: cloudflare-api-token
namespace: cert-manager
type: Opaque
stringData:
api-token: secret-token-here Now I just have to make sure to not commit the secret 🫠 Would be great for this to be added to 1password somehow |
Summary
For some usecases I'll need a Kubernetes Sercret from type
Opaque
with data instringData
and not indata
. See also https://kubernetes.io/docs/concepts/configuration/secret/#restriction-names-data. That is a native Kubernetes use case which would be great, to have it in combination with 1Password Operator.Use cases
Allow to store secret values that are not base64 encoded in
stringData
for applications that need unencrypted values in a Kubernetes Secret.Proposed solution
Adding option to specify if Opaque secret will store the values in
data
orstringData
.Following OnePasswordItem ...
... should create a Kubernetes Secret like this:
Is there a workaround to accomplish this today?
If the application supports it, you can decode the base64 encoded value before use. In my case, that's not possible.
The text was updated successfully, but these errors were encountered: