Hi!
I am migrating over from HashiCorp Vault for secrets management and sync to my Kubernetes Clusters, and while this has been a strong replacement, there’s a particular feature I am missing. SM Operator should be able to add the capability to modify a given secret’s type. A Kubernetes Secret has different “types” as per documentation here: Secrets | Kubernetes
This is critical to ensure all secrets needed to manage and deploy applications from Kubernetes are secured, and only supporting the Opaque Type leaves gaps in our deployments where some keys need to be manually managed or automated in a different way, leaving us with an additional process to consider when using this product.
For example, Docker Authentication for my private registry is done using the kubernetes.io/dockerconfigjson type, and today that is not possible with the SM Operator.
There is an Open Issue on the SM Operator GitHub repo related to this feature request: Feature: dockerconfigjson secret type · Issue #66 · bitwarden/sm-kubernetes · GitHub
Personally, I could see this being implemented at the BitwardenSecret resource definition that has an added type field in the spec.
```yaml
apiVersion: k8s.bitwarden.com/v1
kind: BitwardenSecret
metadata:
  labels:
    app.kubernetes.io/name: bitwardensecret
    app.kubernetes.io/instance: bitwardensecret-sample
    app.kubernetes.io/part-of: sm-operator
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: sm-operator
  name: bitwardensecret-sample
spec:
  organizationId: someOrgID
  type: kubernetes.io/dockerconfigjson
  secretName: bw-sample-secret
  map:
    - bwSecretId: someSecretID
      secretKeyName: .dockerconfigjson
  authToken:
    secretName: bw-auth-token
    secretKey: token
```
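
An added example, not part of the original post and not SM Operator code: a typed Secret is rejected by the Kubernetes API server unless its data carries the keys that type requires, so a `type` field like the one proposed above would need a check along these lines before the Secret is created. `ValidateTypedSecret` is a hypothetical helper, and the registry name and credential in `main` are constructed sample values.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Data keys required per built-in Secret type; Opaque has none.
var requiredKeys = map[string][]string{
	"kubernetes.io/dockerconfigjson": {".dockerconfigjson"},
	"kubernetes.io/dockercfg":        {".dockercfg"},
	"kubernetes.io/ssh-auth":         {"ssh-privatekey"},
	"kubernetes.io/tls":              {"tls.crt", "tls.key"},
}

// ValidateTypedSecret (hypothetical helper) checks mapped data against the
// requested type before the Secret is sent to the API server.
func ValidateTypedSecret(secretType string, data map[string][]byte) error {
	for _, k := range requiredKeys[secretType] {
		if len(data[k]) == 0 {
			return fmt.Errorf("type %s requires non-empty key %q", secretType, k)
		}
	}
	switch secretType {
	case "kubernetes.io/basic-auth":
		if len(data["username"]) == 0 && len(data["password"]) == 0 {
			return fmt.Errorf("type %s requires username or password", secretType)
		}
	case "kubernetes.io/dockerconfigjson":
		var cfg struct {
			Auths map[string]json.RawMessage `json:"auths"`
		}
		if err := json.Unmarshal(data[".dockerconfigjson"], &cfg); err != nil {
			return fmt.Errorf(".dockerconfigjson is not valid JSON: %w", err)
		}
		// Stricter than the API server (valid JSON only): require auths entries.
		if len(cfg.Auths) == 0 {
			return fmt.Errorf(".dockerconfigjson has no auths entries")
		}
	}
	return nil
}

func main() {
	// Constructed sample value; "dXNlcjpwYXNz" is base64 of "user:pass".
	good := []byte(`{"auths":{"registry.example.com":{"auth":"dXNlcjpwYXNz"}}}`)
	data := map[string][]byte{".dockerconfigjson": good}
	fmt.Println(ValidateTypedSecret("kubernetes.io/dockerconfigjson", data))
}
```

The `auths` check catches the common mistake of storing only the registry password, or the inner per-registry object, as the Bitwarden secret value.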