cydergoth

We have a use case where we need to generate an ApplicationSet which contains an existing deployed app. The deployed app can't be trivially redeployed (huge database) and currently there...

Some good thoughts there. I was envisioning a new service on the API server to call a new type of user defined object, like an action but designed to pull...

Grafana does a good job of this too.

> I would love easier access to vault secrets, but I don't think changing `st2kv` is the way to do that. I think we should have a new `vault` function...

..actually, on second thoughts, that wouldn't work for third party packs. It needs to be an API compatible replacement

So to clarify, FedRAMP has some very particular requirements around cryptographic algorithms used. It's a lot cheaper to tick a box for an existing, well known product than to have...

> @nmaludy and I talked a lot about this. We don't think it's hard, per sé, but if I recall correctly it was a function of making the Vault keystone...

I have also just noticed that the st2 stackstorm-ha helm chart puts the secrets into Kubernetes "secret" store which is unfortunate as it is only b64 encoded there, not encrypted

This is good, but doesn't address the case of using a thirdparty pack which uses` st2kv` and transparently mapping that to vault.

Is there any reason we can't make st2kv a shim to different backends? How do we ensure that third-party packs using st2kv get appropriately redirected to vault to get their...