In a recent discussion, we decided to move usage of op read in our secrets template generation to use op inject instead. This speeds up the secret resolution step by 3x in our initial tests, and keeps the unencrypted secrets out of the environment entirely.
As an additional step, we should use envsubst to substitute the deployment environment (sandbox, staging, prod) into the templates, so that we can reuse the templates for all environments while separating out the actual secrets. Something like this:
ENVIRONMENT=sandbox envsubst < secret-template-file | op inject | kubeseal ...
with the template looking something like this:
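Added example, not part of the original issue and not the project's own code: a sketch of the envsubst step that accepts only the three environments named above and limits substitution to `${ENVIRONMENT}`, so any other `$` token in a template reaches `op inject` unchanged. The template contents, the `op://` vault and item names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Template contents and op:// names are constructed;
# only the environment names (sandbox, staging, prod) come from the issue.

# Constructed sample template: it holds secret *references*, never values.
sample_template() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
stringData:
  DATABASE_URL: "{{ op://${ENVIRONMENT}-vault/database/url }}"
  JAVA_OPTS: "-Dlog.dir=$HOME/logs"
EOF
}

# Read a template on stdin, write the environment-specific template on stdout.
render_template() {
  target="$1"
  case "$target" in
    sandbox|staging|prod) ;;
    *) echo "refusing unknown environment: '$target'" >&2; return 2 ;;
  esac
  # The SHELL-FORMAT argument restricts envsubst to ${ENVIRONMENT}. Without it,
  # every $VAR in the template (such as $HOME above) would be expanded from the
  # caller's environment, or blanked if unset.
  ENVIRONMENT="$target" envsubst '${ENVIRONMENT}'
}

# List the op:// references in a rendered template, so the target vaults can
# be reviewed before anything is resolved.
list_secret_refs() {
  grep -o 'op://[^ }"]*'
}

# Pipeline shape from the issue, with the guarded render step in front:
#   render_template sandbox < secret-template-file | op inject | kubeseal ...
```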