Comments (6)
KurtStam
commented on July 1, 2024
I would argue that the citizen developer would need access to the config,
but may not need/have access to secret stuff, so it may make sense to split
this up now rather then later. So my vote would be to make the split
between Secret and ConfigMap now.
my 2 cents
…--K
On Tue, Dec 20, 2016 at 5:37 AM, James Strachan ***@***.***> wrote:
The connector configuration frequently contains username, passwords,
tokens and secrets. e.g. for the twitter component all the component
properties should be secret
One day we may want to split the configuration between 2 resources; a
ConfigMap and a Secret; with secret stuff only going into the Secret.
However for now - maybe just using a Secret instead of a ConfigMap for
the connector configuration is simplest? It then makes sure the
configuration is all secret?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#6>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/AACK-En3hCRLrcDaBPgcT5JHBJSfVZJgks5rJ6_4gaJpZM4LRsRS>
.
--
Kurt T. Stam
twitter: @KurtStam
google+: [email protected]
from funktion.
iocanel
commented on July 1, 2024
If we don't have a way to mark which configuration keys are passwords, keys or aneything else that needs to be secret, then using Secrets instead of ConfigMap is oneway right?
I recall that a long time ago, there have been an request raised in Camel, to mask passwords, etc when presenting endpoint urls in logs, jmx etc. I don't know if it was ever implemented, but it might worth checking if it has and if we can extract that info from there.
from funktion.
jstrachan
commented on July 1, 2024
I think the next Camel version maintains the metadata of which properties are secret
from funktion.
jstrachan
commented on July 1, 2024
@KurtStam there may be properties that the citizen developer may need to populate that are secret (e.g. login / passwords to sales force or something)
from funktion.
jimmidyson
commented on July 1, 2024
We have an open question whether openshift/kubernetes are secret enough... Do we need encryption at rest, etc.
from funktion.
markrey
commented on July 1, 2024
I was just browsing through documents and found this.
We have lots of static and dynamic secrets. ( For example, OAuth token which is getting refreshed every few days by other application ).
Example would be,
Funktion Camel flow starts -> acquires and uses token from Vault -> Make API call -> Stop
Is there possiblity to store all secrets in some sort of small HA KV database.
Something like Hashicorp Vault.
https://github.com/hashicorp/vault
from funktion.
Related Issues (20)
- support easier scaling of funktions + flows
- provide a Test command to test a step HOT 1
- add funktion commands to start/stop/scale functions and flows HOT 1
- Broken funktion-operator after installing platform on minikube/linux
- ConfigMap "catalog-letschat" is invalid: metadata.annotations: Too long: must have at most 262144 characters HOT 9
- When using OpenShift use oc vs. kubectl HOT 1
- Extensive ConfigMap usage a problem in some OpenShift environments HOT 10
- Kubernetes namespace creation should be handled diffferently under OpenShift HOT 1
- Consider formatting code with `gofmt` HOT 5
- Function start time benchmark - camel HOT 2
- funktion create --file should work!
- bufio.Scanner: token too long - When installing platform in a namespace HOT 7
- Broken image links in documentation HOT 2
- manual install instructions HOT 3
- Installing Funktion in OpenShift Origin HOT 8
- Build - can't load package: package github.com/funktionio/funktion/cmd/operator HOT 2
- scalability concern HOT 2
- Error when trying the blog-example HOT 5
- lets add a `funktion uninstall` so its easy to remove all the function components from an install HOT 1
- when use "funktion" return "command not found" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from funktion.