Pascal Davoust

Hi, Thanks for the reply. I did not find any ACL_RELATED template in https://github.com/mesosphere/marathon-lb/blob/master/Longhelp.md#templates - is it an undocumented template? I agree with the fact that overriding a template is...

And before you ask, latest curl 8.4.0 also fails the same way.

> This one looks like it may be a dupe of https://github.com/curl/curl/issues/11720. Indeed, looks pretty much the same - now I'm wondering why I did not find it in the...

> I find this very disturbing as well. As for me, I'd completely block the secret removal instead of even the version removal. If the secret has only one version...

@trevorbox thanks for the feedback. > I agree it would be safer to keep it configurable. The conditional should probably apply to both KVv1 and KVv2 RandomSecret types - completely...

@smnbbrv you suggest to use the word "retain" instead of "keep" so that the environment variable is named something like `RETAIN_VAULT_KV_ON_REMOVAL`? I like that idea. 👍

@trevorbox agreed, more granular control is better. Last one: what's the best precedence? Use the envvar settings (defaulting to current behaviour) that can be overriden at resource level? Or the...

> We need to decide if it would be useful to override any and all settings, if not then I don't see the point in an env var. I could...

@raffaelespazzoli thanks for the (very relevant) questions! :-) > if we control this with an environment variable the behavior will be applied to all the random secrets. Should we (also)...

To be totally honest, the downside that I see with the environment variable defining the default policy is that the behavior of the RandomSecret resources is not self-defined anymore: you...