secretgen-controller icon indicating copy to clipboard operation
secretgen-controller copied to clipboard
verified publisher icon carvel-dev

Option to create multiple keys in Secrets

Open erkerb4 opened this issue 4 years ago • 2 comments

Describe the problem/challenge you have When multiple keys are defined in a Password object, the generated secrets are the same across all keys.

Here is an example:

---
apiVersion: secretgen.k14s.io/v1alpha1
kind: Password
metadata:
  name: postgresql-password
spec:
  secretTemplate:
    type: Opaque
    stringData:
      postgresql-password: $(value)
      postgresql-postgres-password: $(value)
      repmgr-password: $(value)

What is currently generated:

apiVersion: v1
data:
  postgresql-password: ZDJ1cjJiZm1keHFpb2F3cnNtZGYxMHN0YTl0Z2J1anB0cWx3aGdjbA==
  postgresql-postgres-password: ZDJ1cjJiZm1keHFpb2F3cnNtZGYxMHN0YTl0Z2J1anB0cWx3aGdjbA==
  repmgr-password: ZDJ1cjJiZm1keHFpb2F3cnNtZGYxMHN0YTl0Z2J1anB0cWx3aGdjbA==
kind: Secret
  name: postgresql-password
type: Opaque

Describe the solution you'd like It would be fantastic, if each key in the secret would get a unique password.

Anything else you would like to add: N/A

Thank you for your hard work!

erkerb4 avatar Sep 14 '21 13:09 erkerb4

@erkerb4 that becomes becomes of an issue for generating multiple passwords and combining them into a single secret (via a template). we've considered adding something like SecretTemplate CR (or something similar) which would be able to aggregate contents of one or more secrets Secrets and produce a new one, but have not fully committed to that approach yet.

cppforlife avatar Sep 15 '21 22:09 cppforlife

Will be eagerly awaiting that implementation. Thank you for your response.

erkerb4 avatar Sep 22 '21 13:09 erkerb4