
Mutating a Template File

Situation Analysis

Certain apps may require initialization scripts, which may include secrets. Storing these scripts with hard-coded secrets is a security gap. Storing these scripts in source control is a security incident waiting to happen.

Screencast

Here is a screencast that demonstrates this use case:

WORK IN PROGRESS

Solution

A solution would be to create a template file with a placeholder to interpolate the secrets at deployment time.

As long as this template file lives in an ephemeral “in-memory” volume and strict RBAC rules prevent direct access to the workload, we can consider the script and the secrets within it secure. Data in an in-memory file system is protected by the operating system’s built-in memory barriers: only an app that can shell into the Pod can access the in-memory volume.

Strategy

Follow the Mounting Secrets as Volumes use case and configure the sidecar to mutate the file you need accordingly.
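
The following is an added example, not code from VSecM or its sidecar. It sketches the mutation step described above: it fills a template only when the destination sits on an in-memory (tmpfs) volume, refuses to emit a script with unresolved placeholders, and writes the result with owner-only permissions. The `{{ name }}` placeholder syntax, the function names and the sample values are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed placeholder syntax for this example: {{ name }}
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def on_memory_fs(path, mounts_text):
    """True if the most specific mount containing `path` is tmpfs, which is
    how a Kubernetes emptyDir with `medium: Memory` appears inside the Pod."""
    best_mnt, best_type = "", ""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best_mnt):
            best_mnt, best_type = mnt, fstype
    return best_type == "tmpfs"

def render(template, secrets):
    """Substitute every placeholder; refuse to emit a half-filled script."""
    missing = sorted({m.group(1) for m in PLACEHOLDER.finditer(template)} - set(secrets))
    if missing:
        raise KeyError("no secret for placeholder(s): " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: secrets[m.group(1)], template)

def mutate(template_path, dest, secrets, mounts_text=None):
    """Render template_path into dest, only if dest is on an in-memory volume."""
    if mounts_text is None:
        with open("/proc/mounts") as f:
            mounts_text = f.read()
    if not on_memory_fs(os.path.abspath(dest), mounts_text):
        raise RuntimeError(dest + " is not on tmpfs; refusing to write secrets to disk")
    with open(template_path) as f:
        content = render(f.read(), secrets)
    # mkstemp creates the file with mode 0600; os.replace swaps it in atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
        os.replace(tmp, dest)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":  # constructed sample, no real secret
    print(render("export DB_PASSWORD='{{ db_password }}'", {"db_password": "example-only"}))
```

The template itself can stay in source control because it contains only placeholder names; the rendered file exists only in the Pod's memory-backed volume.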
