Vault secret provider
WillPlatnick opened this issue · comments
Some people may want to use vault as a secret provider rather than GitLab.
TL;DR - We're not going to do this for now.
As a status update, we're not sure how we want to build this integration in.
The root problem is that secrets in k8s aren't super secret. So, people want to use vault to store their secrets securely.
At the same time, putting your secrets in vault and not using Kubernetes secrets introduces a runtime dependency on vault being up when pods start up. We're not sure we want to introduce something else that can go down into our applications.
The other alternative is to sync vault secrets to k8s secrets...but I don't see much of a point.
As of now, we're going to remove this functionality from the roadmap, and we will revisit as Kubernetes secrets mature.