Mark Yen

I also think the Concourse built-in credentials manager is a better fit; if we used an external resource, they tend to emit the secrets as files (because they don't have...

Hmm, just found [go-vln](https://github.com/Typositoire/go-vln) which sits as a proxy between concourse and vault, and provides - KV v2 support - Ability to change the vault secret paths (so that we...

Started https://github.com/cloudfoundry-incubator/kubecf/pull/1645 for discussion, to make sure we agree on the direction before implementing things (so we can be sure we've got a design that will work for the various...

Because this is so finicky, I'd like to add to the acceptance criteria: - There must be a rather extensive test suite, to clearly indicate what the rules we picked...

This looks related to #1291 — I haven't checked if that PR fixes things, but it doesn't _sound_ like it does. But at least the changes there will help point...

Hmm, doing more testing, I seem to have issues with rotating secrets: While I'm rotating everything, I'll focus on the `locket` database password: - The secret `var-locket-database-password` is correctly rotated...

This is now blocked by https://github.com/cloudfoundry-incubator/quarks-secret/issues/55 — it turns out that rotating the CA certificate does _not_ rotate the certificate that was made with that CA. This means that if...

@viovanov I do not believe attempting to get users to do this manually is reasonable: - Finding all the secrets will be error-prone - Even if they _did_, it will...

This was fixed by #6691. (It's not shipped yet.)

Unfortunately, this issue appears to have lots of unrelated things and it's not actionable: - The original issue: > Error Starting Kubernetes Error:socket hang up Unfortunately, the log snippets are...