Canonical Juju

Add mechanism for k8s charms/images to pull secrets from k8s secret stores

Bug #1854759 reported by Barry Price on 2019-12-02

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Triaged	Medium	Unassigned	Canonical Juju 3.3.0
	charm-k8s-wordpress	Confirmed	Wishlist	Unassigned

Bug Description

Secrets in charm config end up stored in plaintext on the Juju controller - ideally any given charm/image would be able to natively use Kubernetes secrets without exposing them to the controller or (potentially) in logs:

https://kubernetes.io/docs/concepts/configuration/secret/

See original description

Tags:

Barry Price (barryprice) on 2019-12-03

information type:

Proprietary → Public

Barry Price (barryprice) on 2020-10-26

description:	updated
description:	updated
summary:	- Add mechanism for images to pull secrets from k8s secret stores + Add mechanism for k8s charms/images to pull secrets from k8s secret + stores
description:	updated

Revision history for this message

Pen Gale (pengale) wrote on 2020-10-26:

We've got some work scheduled this cycle to plan for better modeled secrets across Juju clouds. Actual implementation would happen sometime in the 21.10 cycle (or later).

I linked this bug into the spec covering the work, so that we are sure to consider k8s native mechanisms when designing our secrets framework.

Changed in juju:
status:	New → Triaged
importance:	Undecided → Medium

Tom Haddon (mthaddon) on 2020-10-27

Changed in charm-k8s-wordpress:
status:	New → Confirmed
importance:	Undecided → Wishlist

John A Meinel (jameinel) on 2021-03-18

Changed in juju:
milestone:	none → 2.9.1

Ian Booth (wallyworld) on 2021-04-30

Changed in juju:
milestone:	2.9.1 → 2.9.2

Canonical Juju QA Bot (juju-qa-bot) on 2021-05-19

Changed in juju:
milestone:	2.9.2 → 2.9.3

Ian Booth (wallyworld) on 2021-05-25

Changed in juju:
milestone:	2.9.3 → 2.9-next

Revision history for this message

Canonical Juju QA Bot (juju-qa-bot) wrote on 2022-11-03:

This Medium-priority bug has not been updated in 60 days, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance:	Medium → Low
tags:	added: expirebugs-bot

Revision history for this message

Harry Pidcock (hpidcock) wrote on 2022-12-14:

Adding wallyworld as I believe this feature is being worked on now.

Changed in juju:
assignee:	nobody → Ian Booth (wallyworld)
importance:	Low → Medium
milestone:	2.9-next → 3.1-beta1

Harry Pidcock (hpidcock) on 2023-01-19

Changed in juju:
milestone:	3.1-beta1 → 3.2-beta1

Canonical Juju QA Bot (juju-qa-bot) on 2023-04-03

Changed in juju:
milestone:	3.2-beta1 → 3.2-rc1

Ian Booth (wallyworld) on 2023-04-25

Changed in juju:
assignee:	Ian Booth (wallyworld) → nobody
milestone:	3.2-rc1 → 3.3.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.