-
-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do we mask sensitive config information? #397
Comments
Indeed secret injection was intentionally left quite open. Tapir needs the values as environment variables and depending on the actual runtime there are different approaches. In K8s context you can use opaque secrets, you may also have a dedicated secret management (e.g. Hashicorp Vault, Aws secretmanager,...) that offer different ways to inject values as ENV to the pod during runtime. One common way in K8s could also be to go through external secrets operator which has quite some flexibility. Hope that helps ✌️ |
Added a PR, if you'd like to include this documentation. |
@all-contributors add @tim-chaffin for docs |
I've put up a pull request to add @tim-chaffin! 🎉 |
Adding a blurb instructing the user how to configure and secure values with sensitive information.
While reading the https://github.com/PacoVK/tapir/blob/main/docs/configuration.md file we are asked to set values which are sensitive by nature, such as
BACKEND_AZURE_MASTER_KEY
,AZURE_BLOB_CONNECTION_STRING
,AUTH_CLIENT_SECRET
and so on.It's not clear in the docs how best to mask or secure these secrets. We could be doing a k8 namespace opaque secret, or something similar. But I'm unsure what works best with the container, when running in k8.
If you can help me understand how to implement a secret with Tapir, I'd be happy to add that to the docs as well.
The text was updated successfully, but these errors were encountered: