VMware Secrets Manager

Mutating a Template File

Situation Analysis

Certain apps may require initialization scripts, which may include secrets. Storing these scripts with hard-coded secrets is a security gap. Storing these scripts in source control is a security incident waiting to happen.

Solution

A solution is to create a template file with a placeholder and interpolate the secrets into it at deployment time.

As long as this template file lives in an ephemeral “in-memory” volume and strict RBAC rules prevent direct access to the workload, we can consider the script and the secrets within it secure: data in an in-memory file system is protected by the operating system’s built-in memory barriers, and only an app that can shell into the Pod can access the in-memory volume.

Strategy

Follow the Mounting Secrets as Volumes use case and configure the sidecar to mutate the file you need accordingly.
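
The interpolation step itself, as an added example (not VSecM's own code or its sidecar configuration): a POSIX shell function that fills a placeholder in a template from a secret file and writes the result with owner-only permissions. The function name `render_template`, the `{{DB_PASSWORD}}` placeholder and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# render_template TEMPLATE SECRET_FILE PLACEHOLDER OUT
# Replaces every literal occurrence of PLACEHOLDER in TEMPLATE with the first
# line of SECRET_FILE and writes the result to OUT with mode 0600.
# Hypothetical usage, with OUT on the in-memory volume:
#   render_template /tpl/init.sh.tpl /secrets/db '{{DB_PASSWORD}}' /mem/init.sh
render_template() {
    tpl=$1; secret_file=$2; placeholder=$3; out=$4

    [ -r "$tpl" ] || { echo "template not readable" >&2; return 2; }
    # Refuse to render a script with an empty credential in it.
    [ -s "$secret_file" ] || { echo "secret missing or empty" >&2; return 3; }
    grep -qF -- "$placeholder" "$tpl" ||
        { echo "placeholder not found in template" >&2; return 4; }

    # The temp file sits next to OUT so the final rename never leaves that
    # volume, and readers never observe a half-written script.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 5

    # awk reads the secret from the file itself, so the value never appears
    # in argv or the environment. index/substr do a literal replacement,
    # which keeps characters such as & / \ | in the secret intact (a
    # sed s/// substitution would treat them as syntax).
    if SECRET_FILE=$secret_file PLACEHOLDER=$placeholder awk '
        BEGIN {
            ph = ENVIRON["PLACEHOLDER"]
            getline secret < ENVIRON["SECRET_FILE"]
        }
        {
            line = $0; res = ""
            while ((i = index(line, ph)) > 0) {
                res = res substr(line, 1, i - 1) secret
                line = substr(line, i + length(ph))
            }
            print res line
        }' "$tpl" > "$tmp"
    then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 6
    fi
}
```

Only the first line of the secret file is used, so a multi-line secret needs a different encoding or a different renderer.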
