Pass database credentials as secret

[IngaldiCSB]

Hello!

in kubernetes manifests, I describe a mgob configuration file, mounted as configMap. In this file i have to provide user database credentials and it's not a good practice. Is there some way to configure db credentials creating a secret and mounting it along mogb configuration?

Thanks in advance and congratulations for the project

[stefanprodan]

The mogb config files can be stored as Secrets instead of ConfigMaps.

[bzon]

@stefanprodan I think it can be a good user experience to still be able to see my configs and use a secret. How about the following?

target:
  host: "172.18.7.21"
  port: 27017
  database: "test"
  username: "admin"
#  password: "secret"
  k8s_secret:
    name: mgob-secret
    key: MONGODB_PASSWORD

I can help with this one if you think it is ok.

[ambis]

I think the simplest way would be to support environment variable interpolation in the config files. You could then mount the secret as ENV.

Then you could do just password: "${MONGO_BACKUP_PASSWORD}"

[CptQuint]

The mogb config files can be stored as Secrets instead of ConfigMaps.

Can someone explain to me how this is achieved?

I've created my backup plan as a Secret so mongo connection details aren't stored as plain text within a ConfigMap but the container keeps crashing with the following error:

level=fatal msg="No backup plans found in /config

Which makes perfect sense as it's actually mounted here:

/secret/mongo-backup-conf

[ambis]

@CptQuint .. just mount it in the correct directory then?

[CptQuint]

@ambis I should be clear, I'm trying to use the Helm chart for deployment.