From 786109b1ce9621e836589a0c09ddc139153413c2 Mon Sep 17 00:00:00 2001 From: Tim Chaffin Date: Thu, 25 Apr 2024 14:18:27 -0600 Subject: [PATCH] #397 Adding a note for sensitive values Adding a blurb instructing the user how to configure and secure values with sensitive information. --- docs/configuration.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuration.md b/docs/configuration.md index 7179fc2b..67fa2405 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -34,6 +34,11 @@ Available storage backends are: * Local filestorage `local` * You can mount a volume into the container under ``/tapir`` to persist your data. This is highly recommended. Otherwise, you loose the data if the container gets removed. +#### Note Regarding Sensitive Data +Configuring secrets for Tapir is largely at the users discretion. It is recommended to use a secret manager like [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) or [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/) to store sensitive data like keys, passwords, connection strings, etc. Tapir needs the secret values set as environment variables, and depending on the actual runtime there are different approaches. + +For example, if you're using Kubernetes, you can use [Opaque Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) to store and manage sensitive information manually. Each secret store solution like AWS Secrets Manager, Azure Key Vault, Hashicorp Vault, etc. has its own way of injecting said secrets into Kubernetes as well. Or furthermore, you could use a [Kubernetes external secrets operator](https://external-secrets.io/latest/). It's important to follow the best practices and guidelines provided by the respective service. + You can configure Tapir passing the following environment variables: | Variable | Description | Required | Default |
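Review bot: The second added paragraph recommends Opaque Kubernetes Secrets to "store and manage sensitive information manually" without the caveat that they are only base64-encoded and, by default, stored unencrypted in the cluster's data store. A reader can take them as equivalent to the secret managers named in the first paragraph, so add a sentence saying that encryption at rest and restricted RBAC access to Secrets should be configured when this option is used. The first paragraph states "Tapir needs the secret values set as environment variables" but does not say which of the variables in the table that follows hold sensitive values; naming them here, or marking them in the table, would make the note actionable. Wording: "at the users discretion" should be "at the user's discretion", "Hashicorp" is spelled "HashiCorp", and "Or furthermore, you could use" reads better as "Alternatively, you can use".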