How do people store secrets? #528
Unanswered
groucho64738
asked this question in
Q&A
Replies: 1 comment
-
|
there is k8s namespace isolation, and also I think you could add some rbac policy other pods in other namespace could not access secret in current namespace. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I just tested the smb mount and got it working in my environment, so kudos on this solution. I have a concern (and it's not necessarily specific to csi-driver-smb) about the password security and access to the secret by other users. Just following through the directions, I created a k8s secret with username and password. That password is in plain text essentially, which means an admin or another user in my namespace can just look at the secret and see my password. Is there a better way to get those secrets stored? What do other folks do to get around that? I'm looking at something like Hashicorp Vault maybe, but before I go down a rabbit hole of other tech, is there something I'm missing?
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions