Seems like right now, the only way to pass database credentials is through a Kubernetes secret, that is then referenced by datastore.uriSecret. While this works with static credentials, it fails when using dynamic credentials that are generated by a database secret engine like Vault (since they are newly generated each time).
Vault provides a vault-injector for Kubernetes that retrieves the secrets and can make them available on a file path in the following ways:
https://developer.hashicorp.com/vault/docs/platform/k8s/injector/examples
But, for this, the app should support reading credentials from a path. Is this something that can be easily supported by FGA?
An alternative could be to read the values from environment variables but then, you'll have to allow passing the `command` and `args` parameters to correctly export the variables before starting the service.
https://developer.hashicorp.com/vault/docs/platform/k8s/injector/examples#environment-variable-example
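
One way to bridge the file-based injection described above to the environment variable the server already reads, shown as an added example (not part of the original issue and not code from OpenFGA or its Helm chart): a wrapper entrypoint that validates the Vault-rendered file and exports `OPENFGA_DATASTORE_URI` before starting the service. It assumes the image has a POSIX shell and that the injector template renders the full datastore URI as one line to the placeholder path `/vault/secrets/datastore-uri`.

```shell
#!/bin/sh
# Added example: wrapper entrypoint, not OpenFGA's own code.
# Assumption: Vault Agent renders the complete datastore URI, on one line,
# to SECRET_FILE. The default path below is a placeholder.
SECRET_FILE="${SECRET_FILE:-/vault/secrets/datastore-uri}"

# load_datastore_uri FILE: validate the rendered file and print the URI.
# Fails closed so the service never starts with a half-rendered secret.
load_datastore_uri() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "secret file missing or unreadable: $file" >&2
        return 1
    fi
    # Exactly one non-empty line is expected; anything else means the
    # injector template is not the one this wrapper was written for.
    lines=$(grep -c . "$file" || true)
    if [ "$lines" -ne 1 ]; then
        echo "expected 1 non-empty line in $file, found $lines" >&2
        return 1
    fi
    uri=$(grep . "$file" | tr -d '\r')
    case "$uri" in
        # Template text left unrendered, or a key missing from the lease
        *'{{'*|*'<no value>'*)
            echo "secret template was not fully rendered" >&2
            return 1 ;;
    esac
    case "$uri" in
        *://*) ;;
        *) echo "rendered value is not a URI" >&2
           return 1 ;;
    esac
    printf '%s' "$uri"
}

# start_service CMD...: export the URI and exec the real service, so the
# credentials stay out of the pod spec and out of the process arguments.
start_service() {
    OPENFGA_DATASTORE_URI=$(load_datastore_uri "$SECRET_FILE") || return 1
    export OPENFGA_DATASTORE_URI
    exec "$@"
}

# Run only when given the service command, e.g. wrapper.sh <service command>
if [ "$#" -gt 0 ]; then
    start_service "$@"
fi
```

Because the variable is set once at start-up, the pod has to be restarted when the Vault lease on the dynamic credentials expires.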