cndi E700 - failure to persist a Kubernetes Secret with data from cndi-config

[johnstonmatt]

• ### description

The cndi CLI exits with error code 700 when a Kubernetes Secret resource is created with a data field containing anything other than a $.cndi.secrets.seal(MY_VAR) literal. This is because CNDI is protecting you from posting secret data to source control.

resolution tips

incorrect:

apiVersion: v1
kind: Secret
metadata:
  name: bad-secret-example
data:
  foo: YmFyCg==

---

correct:

# .env
MY_VAR='bar'

# correct:
apiVersion: v1
kind: Secret
metadata:
  name: good-secret-example
stringData:
  foo: '$.cndi.secrets.seal(MY_VAR)'

Passing a $.cndi.secrets(MY_VAR) instead, alongside defining MY_VAR in your environment, will result in that value being inserted into a new SealedSecret, and shared with your cluster in a secure way.