Rethink on how temporary secrets are stored on the target machine
Description
In !876 (closed) an interesting point was made !876 (comment 93721659)
There's also one inconsistency. For
CI_PROJECT_DIR: /some/directory/path
we will create a dynamic volume for/some/directory
, this seems like a wrong way of doing that. Should we also figure out how we handle that case? it seems that we create such volume to store temporary secrets in/some/directory/path.tmp/SECRET_FILE
. It seems to me a wrong thing to do. Maybe we should always create a temporary ephemeral volume just to store secrets? It seems that we might have some serious problems due to that.
@ayufan would appricate it if you can define all problems that comes with this
Proposal
- Store this in a seperate directory then from the defined
CI_PROJECT_DIR