This repository has been archived by the owner on Jul 5, 2021. It is now read-only.

Isolate SecretStore resources from the applications namespaces #143

Open
knelasevero opened this issue Dec 3, 2020 · 0 comments

knelasevero commented Dec 3, 2020

Describe the solution you'd like
Right now the SecretStore and ExternalSecret resources need to be in the target namespace together. The idea here is to isolate the SecretStore in another namespace, possibly the operator namespace.

What is the added value?
The problem with the SecretStore (and the associated k8s secret containing the provider credentials) being in the target namespace is that everyone that would have access to this namespace would also have access to the provider. We want to avoid this.

Give us examples of the outcome

Most of the changes are going to be done in the externalSecrets controller; we probably need to add the namespace in which it will look for the secretStore.

Observations (Constraints, Context, etc):
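
The exposure described in this issue, as an added example that is not part of the original issue or the project's code: a small Python audit over constructed Role and RoleBinding objects that lists who can read the provider credential Secret when it sits in an application namespace versus a dedicated operator namespace. All namespace, role, subject and Secret names are hypothetical, and ClusterRoleBindings are not evaluated.

```python
"""Added example: who can read a provider credential Secret via namespaced RBAC."""
READ_VERBS = {"get", "list", "watch", "*"}  # list/watch also return Secret data

def rule_reads_secret(rule, secret_name):
    """True if one RBAC rule grants read access to the named core/v1 Secret."""
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    names = rule.get("resourceNames", [])  # empty means every Secret
    return (("" in groups or "*" in groups)
            and ("secrets" in resources or "*" in resources)
            and bool(READ_VERBS & set(rule.get("verbs", [])))
            and (not names or secret_name in names))

def subjects_who_can_read(secret_name, namespace, roles, bindings):
    """Subjects granted read on the Secret through RoleBindings in `namespace`."""
    readers = set()
    for b in bindings:
        if b["kind"] != "RoleBinding" or b["metadata"]["namespace"] != namespace:
            continue
        ref = b["roleRef"]
        for r in roles:
            same = r["kind"] == ref["kind"] and r["metadata"]["name"] == ref["name"]
            # A RoleBinding may reference a Role in its own namespace or a ClusterRole.
            scoped = r["kind"] == "ClusterRole" or r["metadata"]["namespace"] == namespace
            if same and scoped and any(rule_reads_secret(x, secret_name) for x in r["rules"]):
                readers.update(f'{s["kind"]}/{s["name"]}' for s in b.get("subjects", []))
    return sorted(readers)

def _role(kind, name, ns, **rule):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "rules": [rule]}

def _bind(ns, ref_kind, ref_name, subj_kind, subj_name):
    return {"kind": "RoleBinding", "metadata": {"namespace": ns},
            "roleRef": {"kind": ref_kind, "name": ref_name},
            "subjects": [{"kind": subj_kind, "name": subj_name}]}

# Constructed sample objects; every name below is hypothetical.
ROLES = [
    _role("Role", "developer", "team-a", apiGroups=[""], resources=["pods", "secrets"], verbs=["get", "list"]),
    _role("Role", "ci", "team-a", apiGroups=[""], resources=["secrets"], resourceNames=["app-config"], verbs=["get"]),
    _role("ClusterRole", "secret-auditor", None, apiGroups=[""], resources=["secrets"], verbs=["get"]),
    _role("Role", "store-creds", "secret-operator", apiGroups=[""], resources=["secrets"], verbs=["get"]),
]
BINDINGS = [
    _bind("team-a", "Role", "developer", "Group", "team-a-devs"),
    _bind("team-a", "Role", "ci", "ServiceAccount", "ci"),
    _bind("team-a", "ClusterRole", "secret-auditor", "User", "alice"),
    _bind("secret-operator", "Role", "store-creds", "ServiceAccount", "controller"),
]

if __name__ == "__main__":
    for ns in ("team-a", "secret-operator"):
        print(ns, subjects_who_can_read("provider-credentials", ns, ROLES, BINDINGS))
```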
