Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: Sensitive Input #16

Open
lukasmrtvy opened this issue Dec 16, 2019 · 0 comments
Open

Feature request: Sensitive Input #16

lukasmrtvy opened this issue Dec 16, 2019 · 0 comments

Comments

@lukasmrtvy
Copy link

lukasmrtvy commented Dec 16, 2019

Is your feature request related to a problem? Please describe.
In cases where You need to boostrap cluster ( empty k8s without any secret management ) is needed to somehow deploy initial secrets.
Rendered template in example https://github.com/banzaicloud/terraform-provider-k8s#usage is visible in terraform plan, thats OK, but when You want to deploy (initial)secrets ( my use case ), these will be visible in stdout.

Describe the solution you'd like to see
Something like sensitive_content in k8s_manifest would be nice step to keep these secrets hidden and keep backwards compatibility.
For example:

cat << EOF > secret.yaml.tpl
---
apiVersion: v1
kind: Namespace
metadata:
  name: bank-vaults
---
apiVersion: v1
kind: Secret
metadata:
  name: postgres-secret
  namespace: bank-vaults
data:
 PGPASSWORD: ${TEMPLATE_PGPASSWORD}
EOF

data "template_file" "file" {
  template = file("secret.yaml.tpl")
  vars = var.template_data
}

resource "k8s_manifest" "deployment" {
  sensitive_content = data.template_file.file.rendered
}

Describe alternatives you've considered
none, even 3rdparty shell providers does this...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant