nebari icon indicating copy to clipboard operation
nebari copied to clipboard
verified publisher icon nebari-dev

[ENH] Re-enable `QHUB_SECRETS`

Open viniciusdc opened this issue 3 years ago • 3 comments

We need to re-enable this tooling cited in the docs. Which was originally created to solve #13.

viniciusdc avatar May 31 '22 15:05 viniciusdc

Did we ever consider using sops? I've used it before and it's a pretty decent way to handle secrets.

trallard avatar Jun 01 '22 22:06 trallard

Did we ever consider using sops? I've used it before and it's a pretty decent way to handle secrets.

Uhm never used that before, looking briefly over their readme seems similar to gopass but with more flexibility. I will have a look, thanks for the suggestion.

just to extend a little the problem here:

  • for all cloud providers we are currently importing the necessary credentials from the env vars, and we perform a check here during deployment, so would adopting sops to all secrets affect this as well (?)
  • the original reason for QHUB_SECRETS was the ability to pass extra information directly to Terraform wherever it was needed. Within the refactor made in v0.4.0 this might not be a good reason anymore.

Its main purpose right now is just to inform qhub that there is important information to be included in the YAML that needs to be grabbed from env before propagated in the config. The original implementation has more details, so I will link here

viniciusdc avatar Jun 02 '22 14:06 viniciusdc

But I am really open, and I think the other would be as well, to add something as sops, due to its huge compatibility to a variety of resource (such as Vault)

viniciusdc avatar Jun 02 '22 14:06 viniciusdc

superseded by #787

trallard avatar Jan 12 '23 18:01 trallard