Details
-
Type:
Story
-
Status: Done
-
Resolution: Done
-
Fix Version/s: None
-
Component/s: None
-
Labels:
-
Story Points:1.2
-
Epic Link:
-
Team:SQuaRE
Description
sealed-secrets provides a way of encrypting secrets with a private key that's only available from the Kubernetes cluster. This provides an easy way to securely commit secret resources for a Kubernetes deployment into a Git repository (such as for Roundtable's Argo CD-based workflow). This is similar to how Travis CI lets you encrypt secrets and commit those encrypted secrets into the repo's .travis.yml file.
Note that a better alternative is to use LSST's centralized Vault, but at the moment we haven't figured out the right workflow for Roundtable-based apps to use Vault.
Attachments
Issue Links
- relates to
-
- Done
Activity
User docs for Sealed Secrets: https://roundtable.lsst.io/app-guide/using-sealed-secrets.html
Deployment for Sealed Secrets: https://github.com/lsst-sqre/roundtable/tree/master/deployments/sealed-secrets
The sealed-secrets app is deployed and has been used; need to finish the user-facing docs.