You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In v3, there will be support for encrypting secret values, but it's not currently backed by Public/Private keypairs.
It could be useful to be able to distribute the public key (for instance to developers) so that anybody could create random passwords without being able to reverse them.
This model helps devs own secure production deploys.
Describe the solution you'd like
Use keypairs for the secret PKI.
Also potentially add password generation helpers in psykube.
Devs can then immediately write these strings to their psykube manifests and expect CI to decrypt the values.
Describe alternatives you've considered
Bitnami sealed secrets follow a similar pattern to this.
Additional context @jwaldrip suggested this feature during a discussion here @ Google Boulder.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
In v3, there will be support for encrypting secret values, but it's not currently backed by Public/Private keypairs.
It could be useful to be able to distribute the public key (for instance to developers) so that anybody could create random passwords without being able to reverse them.
This model helps devs own secure production deploys.
Describe the solution you'd like
Use keypairs for the secret PKI.
Also potentially add password generation helpers in psykube.
Devs can then immediately write these strings to their psykube manifests and expect CI to decrypt the values.
Describe alternatives you've considered
Bitnami sealed secrets follow a similar pattern to this.
Additional context
@jwaldrip suggested this feature during a discussion here @ Google Boulder.
The text was updated successfully, but these errors were encountered: