There are some secrets in the GCP Secret Manager that are old and unused by anything running anymore (I created some of them), and some with duplicate values. It would be useful to go through and check each to see if it's needed, and delete it if not.
It would also be useful to combine this with an audit of the Confluent API keys we're using internally. There is probably some duplication or some created because the secret was not known and not in the secret manager.
For example, the Confluent stage cluster has these, which are hard to tell apart:
BG-Staging (in stage secret manager under dx-bg-staging)
BGStaging
staging (in stage secret manager under kafka-credentials)
And these, which were both created for the bg web group, but I'm not sure which they're using.
web-stage
BGWebStage
@theferrit32 I think it makes sense to piggyback this requirement onto this issue (I can make another issue if you think that's better): We should get rid of those {dev,stage,prod}-secrets deployments, and have each app's helm chart deploy their own ExternalSecret manifests.
In cases like Confluent where we want/need to conserve the number of API keys, I think you can have the same GCP secret as the source of multiple externalsecrets. But, I think it would be best from a deployment/cleanliness perspective if each app was deploying its own secrets.
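One way to run the duplicate-value part of the audit described in this issue, as an added example that is not code from this repository: it groups Secret Manager entries whose latest payloads match, without ever printing a value. The secret names and payloads in `SAMPLE` are constructed, and `fetch_latest` assumes an authenticated `gcloud` whose account may access every secret's latest version.

```python
import hashlib
import hmac
import os
import subprocess
import sys
from collections import defaultdict


def group_duplicates(secrets, strip=True):
    """Return sorted groups of secret names that hold the same payload.

    Payloads are compared through an HMAC under a random per-run key, so the
    result never contains a value or a digest that could be matched offline.
    strip=True ignores surrounding whitespace, so a copy stored with a
    trailing newline still counts as a duplicate.
    """
    key = os.urandom(32)
    groups = defaultdict(list)
    for name, payload in secrets.items():
        data = payload.strip() if strip else payload
        groups[hmac.new(key, data, hashlib.sha256).digest()].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def fetch_latest(project):
    """Read the latest version of every secret in a project via gcloud."""
    def gcloud(*args):
        cmd = ["gcloud", *args, f"--project={project}"]
        return subprocess.run(cmd, check=True, capture_output=True).stdout

    listing = gcloud("secrets", "list", "--format=value(name.basename())")
    return {
        name: gcloud("secrets", "versions", "access", "latest", f"--secret={name}")
        for name in listing.decode().split()
    }


# Constructed sample data: hypothetical names, fake payloads.
SAMPLE = {
    "kafka-stage-a": b"KEYID-AAAA:constructed-secret-1",
    "kafka-stage-b": b"KEYID-AAAA:constructed-secret-1",
    "kafka-stage-old": b"KEYID-AAAA:constructed-secret-1\n",
    "web-stage": b"KEYID-BBBB:constructed-secret-2",
}

if __name__ == "__main__":
    found = fetch_latest(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for names in group_duplicates(found):
        print("same value:", ", ".join(names))
```

Run with a project ID as the only argument to audit a real project; a secret whose latest version is disabled or destroyed makes `gcloud` exit non-zero and stops the run.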