Is your feature request related to a problem? Please describe.

Current configuration schema (default to /etc/jans/conf/configuration.json) mounted to container contains sensitive data for secrets. These data need to be secured to conform to our policy.

Example of configuration.json:

{
  "_configmap": {
    "admin_email": "[email protected]",
    "auth_enc_keys": "RSA1_5 RSA-OAEP",
    "auth_sig_keys": "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512",
    "city": "Austin",
    "country_code": "US",
    "hostname": "demo.example.com",
    "init_keys_exp": 4,
    "optional_scopes": "[\"sql\"]",
    "orgName": "Janssen",
    "state": "TX"
  },
  "_secret": {
    "admin_password": "<redacted>",
    "encoded_salt": "",
    "redis_password": "<redacted>",
    "sql_password": "<redacted>"
  }
}

Describe the solution you'd like

When possible, obfuscate the entire contents of mounted configuration schema. To allow backward-compatibility, non-obfuscated configuration schema should be allowed as well.

Example of obfuscated configuration.json:

aA19rmPCKUOsT4BNA40wM2iZj5QwAuQtKEeEPZMb6CDDp3r5BU6R+hGZIXVyKAap4dYXcMn5cdnuD2Y5KLYz5kEqD0+PeTUKDgueEQzOoVw==

This will require extra file (e.g. /etc/jans/conf/configuration.key) contains key to decrypt/encrypt the contents, for example:

cdkbB1zoyReLqdFExos7211b

Additional context

Helm has template function to encrypt text https://helm.sh/docs/chart_template_guide/function_list/#encryptaes. This can be used in Helm charts.
For low-level (container) support, https://github.com/iromli/sprig-aes contains python-based functions.