
About the use of secrets #2

@tcoch

Hi there,

I would like to propose a future feature.
When using Symfony's secrets, a sensitive file is produced: config/secrets/prod/prod.decrypt.private.php. As it is sensitive, we should not be seeing this inside the container's image of an app.
Therefore, we need to be able to inject its value (the file content) as a secret.

My knowledge of Kubernetes is not advanced, but I can propose the following, open for discussion:

templates/prod-secret-decrypt.yaml

apiVersion: v1
kind: Secret
metadata:
  name: prod-secret-decrypt-file
type: Opaque
data:
  decrypt: {{ .Values.secret.fichier }}

templates/deployment.yaml

spec:
  template:
    spec:
      containers:
        - name: <name>
          [...]
          volumeMounts:
            - mountPath: /app/config/secrets/prod/prod.decrypt.private.php
              subPath: prod.decrypt.private.php
              name: decrypt-prod-secrets
              readOnly: true
      volumes:
        - name: decrypt-prod-secrets
          secret:
            secretName: prod-secret-decrypt-file
            items:
              - key: decrypt
                path: prod.decrypt.private.php

Thank you for your work!
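
A check for the concern raised in the issue, as an added example that is not part of the original post or of the project: it scans a `docker save` archive and reports every layer that still contains config/secrets/prod/prod.decrypt.private.php, including layers where a later build step deleted the file. The function names and the constructed sample archive are assumptions of this example.

```python
import io
import tarfile

# Path taken from the issue; all function names below are assumptions of this example.
KEY_PATH = "config/secrets/prod/prod.decrypt.private.php"


def make_tar(files: dict[str, bytes]) -> bytes:
    """Build an in-memory tar archive (used only for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sample_image() -> bytes:
    """Constructed sample: layer aaa copies the key in, layer bbb deletes it."""
    # A deletion in a later layer is only a whiteout marker; the key stays in aaa.
    layer1 = make_tar({"app/" + KEY_PATH: b"<?php // constructed placeholder"})
    layer2 = make_tar({"app/config/secrets/prod/.wh.prod.decrypt.private.php": b""})
    return make_tar({"manifest.json": b"[]", "aaa/layer.tar": layer1, "bbb/layer.tar": layer2})


def find_key_in_image(image_tar: bytes, key_path: str = KEY_PATH) -> list[tuple[str, str]]:
    """Return (layer, path) for every layer of the archive that contains the key file."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r:*") as image:
        for member in image.getmembers():
            if not member.isfile():
                continue
            blob = image.extractfile(member).read()
            try:
                # Layers are nested tar archives (possibly compressed);
                # manifests and configs are JSON and raise ReadError.
                layer = tarfile.open(fileobj=io.BytesIO(blob), mode="r:*")
            except tarfile.ReadError:
                continue
            with layer:
                for entry in layer.getmembers():
                    if entry.isfile() and ("/" + entry.name).endswith("/" + key_path):
                        hits.append((member.name, entry.name))
    return hits


if __name__ == "__main__":
    for layer_name, path in find_key_in_image(sample_image()):
        print(f"decrypt key present in layer {layer_name}: {path}")
```

For a real image, export it with `docker save <image> -o image.tar` and pass the file's bytes to `find_key_in_image`; an empty result is the expected state once the key is only mounted at runtime.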

Labels: enhancement (New feature or request)
