Secrets management
While we have identified that we'd like to use Kubernetes secrets for now, there are still a few areas that we need to further identify:
- How secrets will be generated within the Helm chart (https://gitlab.com/charts/helm.gitlab.io/issues/85)
- How to securely pass in secrets of external services (like database credentials)
- Broader security of Kubernetes secrets
- DAR encryption of secrets: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
- Ability to integrate with KMS services (Vault, cloud KMS services, etc.)(https://github.com/kubernetes/kubernetes/issues/51965#issuecomment-339333937)
Edited by Joshua Lambert