Secrets Delivery on ROSA/ARO with external-secrets operator
scottd018 opened this issue · comments
This is available as a community operator. External-secrets abstracts the underlying secret vaults into an ExternalSecret
resource. Would be nice to have a writeup on this for those that want to deliver secrets securely to their clusters.
https://external-secrets.io/v0.7.2/
NOTE: secrets are synced from the vault to Base64-encoded K8S secrets. It should be noted that backups of the etcd database should probably be encrypted if you are to use this methodology and accept the performance penalty of the extra encryption.
Issue has gone stale, closing. Feel free to open a PR for this content if you'd like it 😄