Tobias Florek

I am only concerned about openshift/kubernetes usage, so I have not thought deeply about a `docker run` case. In openshift, specifying environment vars directly logs them in the pod's annotation...

Re password change race: do you mean that the application might have the wrong password for a small amount of time? I don't see how that can be prohibited without...

I am not sure, I am following. ConfigMaps are eventually consistent (and additionally: updates in it are atomic), so the latest inotify-event will have the latest change. If the inotify-events...

And: (sorry forgot) kube does not have any idea about confirmation re configmap changes.

Care to comment on the wip pull request: #145?

What request? The password change? If so, if it is not handled correctly, the app won't be able to connect until the request is handled. That's the same that happens...

> But it is basically useless, because environment variables can be used securely, too (see issue #101). For me the most important part of this patch is, that it makes...

Sorry, we are talking past each other. So: an example (I am running a variation of that patch in production): I have _many_ database users connecting to a single database...

Subdirectories `.../userA/password`? If you mean, that `.../userA` is a directory, and `password` is a file, that's how it works. A secret of the form ``` yaml username: my_user password: my_pass...

I do understand your argument re code complexity btw. I am totally fine with weeding out the replicated logic re `simple_db`, and only doing the `traverse users directory` part.