1Password
Feature request: Kubernetes secret ingestion
A lot of 3rd party operators and helm charts will often automatically generate a secret, e.g. to access a database, cache, or dashboard.
It would be great to have the operator support automatically ingesting secrets and adding them to the vault (or removing them as necessary).
Certain metadata would also be appreciated, such as:
- What's the namespace/context this secret was discovered in?
- Is it associated with a helm chart or operator?
- Labels and annotations applied to the secret
Given that some desired meta-data may be hard to obtain automatically, support for configuring to watch for specific secrets to ingest could also be viable. E.g. look for elastic-es-default-user; if found apply a desired name, configuration, or other data to the secret.
Hey there.
This is an interesting idea. I'm not sure when our team will have the bandwidth to investigate this further, but feel free to open a PR if you have a solution to this.
Think this would be very interesting for many cases.
@edif2008: Do you know if it's possible to ingest data to onepassword via onepassword-connect and is there any documentation for this?
Do you think it would make more sense to define a new CRD or to adapt the OnePasswordItem? When changing the current one, there should be some information in which way the synchronization should take place.
This is a really interesting feature that I would like to see! I have the usecase now that 3rd party operator is creating secrets that I would like to push them to 1password. right now I have to do it manually by copy/paste
