Secrets management

While we have identified that we'd like to use Kubernetes secrets for now, there are still a few areas that we need to further identify:

How secrets will be generated within the Helm chart (https://gitlab.com/charts/helm.gitlab.io/issues/85)
How to securely pass in secrets of external services (like database credentials)
Broader security of Kubernetes secrets
- DAR encryption of secrets: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
- Ability to integrate with KMS services (Vault, cloud KMS services, etc.)(https://github.com/kubernetes/kubernetes/issues/51965#issuecomment-339333937)

Edited Dec 13, 2017 by silv