argocd-autopilot icon indicating copy to clipboard operation
argocd-autopilot copied to clipboard

Published 20 hours ago verified publisher icon argoproj-labs

Argocd-autopilot should persist secrets to git

Open oren-codefresh opened this issue 4 years ago • 3 comments

Can be sealed-secret , kubernetes-external secrets

oren-codefresh avatar May 05 '21 13:05 oren-codefresh

sops or whatever. It would be nice to have a plugin type secret manager where we could specify the provider i.e. sealed-secret, vault, sops, etc.

--secret-provider sops

The hard part would be supporting all kinds of providers. Ones we could import like sops or anything written in go with a decent lib wouldn't be hard, but anything else where we would shell out could be hard.

pmcjury avatar Oct 02 '21 02:10 pmcjury

There is a vault plugin available for ArgoCD now

https://argocd-vault-plugin.readthedocs.io/en/stable/

How you'd use this would be application specific, I don't see how auto-pilot adds any value here. Just configure the Kustomize configuration to generate the appropriate YAML and let the ArgoCD plugin substitute the secret value.

The same logic applies to using sealed secrets of kubernetes-external I think. I'm interested in what specific secrets you think auto-pilot should be generating?

myspotontheweb avatar Jan 05 '22 18:01 myspotontheweb

My vote would be for something using agebox due to dependencies and secrets outside of gitops sort of breaks gitops

nwmcsween avatar Jan 14 '22 20:01 nwmcsween