[Jetstream Controller] Use secrets for username/password authentication #876
Labels
proposal
Enhancement idea or proposal
Comments
|
This is an example using account. apiVersion: jetstream.nats.io/v1beta2
kind: Account
spec:
name: <accountName>
servers:
- nats://<user>:<password>@<host>:<port>apiVersion: jetstream.nats.io/v1beta2
kind: Stream
spec:
account: <accountName> |
|
@hhk7734 with this the username and password would still be exposed because the account.yaml would also be in git |
|
Do you use an external secret like a vault? |
|
Using AWS secrets manager with external-secrets operator. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What motivated this proposal?
I'm using username and password authentication and would like to use the controller. I'm using ArgoCD so all my yamls are in my git repos.
What is the proposed change?
One way I think is allowing the controller to interpolate env variables: nats-io/nack#76 (comment)
And then change the deployment.yaml file to accept
extraSecretMounts. I could do the PR for this.Who benefits from this change?
Anyone using username/password authentication, gitops and wants to use the jetstream controller.
With gitops practices all the helm/yaml files are stored in git, so without this you would be exposing your creds.
What alternatives have you evaluated?
No response
The text was updated successfully, but these errors were encountered: