ingress-controller icon indicating copy to clipboard operation
ingress-controller copied to clipboard

Published 20 hours ago verified publisher icon pomerium

Proposal: Provide a secure storage for policy headers

Open abuzhynsky opened this issue 4 years ago • 2 comments

Currently pomerium-operator doesn't provide a secure way to store policy set_request_headers key.

Maybe it makes sense to add a new annotation like:

ingress.pomerium.io/policy_from_secret: "secretName"

which will point at the existing secret in the same namespace as the ingress/service. The secret will contain the sensitive bits of a policy like headers or a client certificate.

Example secret:

apiVersion: v1
kind: Secret
metadata:
  name: secretName
type: Opaque
stringData:
  set_request_headers:
    Authorization: Basic YWRtaW46YWRtaW4K
    X-Example: example

I can help with the implementation if it sounds like a good idea.

abuzhynsky avatar Mar 21 '20 18:03 abuzhynsky