Allow option to load MYSQL_PASS from file instead of ENV #55
Labels
component/backend
Related to backend component
component/helm
Related to helm charts
good first issue
Good for newcomers
kind/enhancement
improvement to an existing capability
skill/helm
Comments
rubenhak
added
component/backend
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
No. But having the option to load password from file would allow easy integration with external centralized secret storage such as Hashicorp Vault. This is great for operator that do not want to store credentials in k8s etcd as Secret (which is unencrypted by default), and rely on external vault service.
The Vault Agent Injector can automatically mount the secret as a file to the kubevious pod, which the path can then sent to the arguments.
Describe the solution you'd like
Allow passing argument such as the following to load from file
If the file is not specified, then fallback to ENV or string literal
--mysql-password-literal=myawesomepasswordDescribe alternatives you've considered
Patch the Deployment with Hashicorp-vault-agent-injector annotations to mount, then template it to ENV.
Additional context
None
The text was updated successfully, but these errors were encountered: