Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support storing & accessing secrets from within Kurtosis #2263

Open
mieubrisse opened this issue Mar 7, 2024 · 0 comments
Open

Support storing & accessing secrets from within Kurtosis #2263

mieubrisse opened this issue Mar 7, 2024 · 0 comments
Labels
feature request

Comments

@mieubrisse
Copy link
Member

mieubrisse commented Mar 7, 2024
edited

Background & motivation

This has been needed several times:

Desired behaviour

  1. Kurtosis allows users to store secrets as strings within the Kurtosis engine
  2. Secrets are stored securely, without risk of leaking (both locally, and more importantly in the Cloud)
  3. Secrets are persistent through engine restarts
  4. Users can reference secrets at any point by slotting in a future reference. At runtime, Kurtosis will replace the future reference with the actual secret value in a secure way (by communicating securely to the secrets manager)

@lostbean and I spec'd out a way to do Step 4 by injecting a wrapper binary into every secret-consuming user container that will securely pull the secret value at runtime. This has the extra benefit of the secret not even being revealed upon docker container inspect.

How important is this to you?

Painful; the lack of this feature makes using Kurtosis frictionful.

What area of the product does this pertain to?

CLI: the Command Line Interface
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mieubrisse