[feature] Secrets stored in omni #572

Open
punasusi opened this issue Aug 20, 2024 · 1 comment


@punasusi

Problem Description

I would like to store secrets in omni which can be used as part of a cluster template, but not shared or exposed, only added when Omni compiles the template.

Solution

Similar to GitHub Actions secrets, this could be an add only (no view) secret, and a reference which can be rendered when clusters are deployed. This would allow initial bootstrap secrets (for example to get ExternalSecrets connected and working) in a new cluster, and still not have them visible in cluster templates or patch config screens.

Alternative Solutions

I don't see this as a replacement for External Secrets, but a method to give External Secrets and Tailscale the secrets needed to bootstrap a cluster.

Notes

I'm trying to use clusters almost exclusively ephemerally, so bootstrapping a cluster is a multiple-times-per-day occurrence. Removing the need to have secrets in plain text would be very much appreciated.

@judahrand

It would be great to also be able to deploy these secrets via omnictl. If that were possible then they could live, encrypted, in the same repo which defines the cluster template and be decrypted and deployed as part of CI/CD.
