Allow option to load MYSQL_PASS from file instead of ENV #55
Labels
component/backend
Related to backend component
component/helm
Related to helm charts
good first issue
Good for newcomers
kind/enhancement
improvement to an existing capability
skill/helm
Is your feature request related to a problem? Please describe.
No. But having the option to load password from file would allow easy integration with external centralized secret storage such as Hashicorp Vault. This is great for operator that do not want to store credentials in k8s etcd as Secret (which is unencrypted by default), and rely on external vault service.
The Vault Agent Injector can automatically mount the secret as a file to the kubevious pod, which the path can then sent to the arguments.
Describe the solution you'd like
Allow passing argument such as the following to load from file
If the file is not specified, then fallback to ENV or string literal
--mysql-password-literal=myawesomepassword
Describe alternatives you've considered
Patch the Deployment with Hashicorp-vault-agent-injector annotations to mount, then template it to ENV.
Additional context
None
The text was updated successfully, but these errors were encountered: