kubeone icon indicating copy to clipboard operation
kubeone copied to clipboard

Published 20 hours ago verified publisher icon kubermatic

Make secret values consumeable from Environment Variables

Open dcardellino opened this issue 1 year ago • 1 comments

Description of the feature you would like to add / User story

As a cloud engineer I do not want to store my credentials as plain text in git. To have kind of more control over it, I want to consume secrets via Environment Variables in kubeone.yaml. As I use Hashicorp Vault I can "securely" export my secrets as env variables.

As a <user persona>
I would like to <functionality>
in order to <benefit>

Solution details

As described in the KubeOne documentation there are some fields enabled to get values from environment, in my specific case I want to put regestryAuth credentials to kubeone.yaml like this:

containerRuntime:
  containerd:
    registries:
      registry-1.docker.io:
        auth:
          username: "env:DOCKER_HUB_USER"
          password: "env:DOCKER_HUB_PASSWORD"

meaning that DOCKER_HUB_USER & DOCKER_HUB_PASSWORD are exported as environment variables.

Use cases

  • Retrieving credentials for registry authentication or similar.

Additional information

  • See #kubermatic slack for discussions about it.

dcardellino avatar May 25 '23 12:05 dcardellino