Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use JuJu application-secrets for MinIO credentials #167

Open
kimwnasptd opened this issue May 2, 2024 · 1 comment
Open

Use JuJu application-secrets for MinIO credentials #167

kimwnasptd opened this issue May 2, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@kimwnasptd
Copy link
Contributor

kimwnasptd commented May 2, 2024

Context

Right now the secret-key config value of MinIO has a "" value as default. This then means that MinIO will create a random big password and use this value for the secret-key
https://github.com/canonical/minio-operator/blob/track/ckf-1.8/src/charm.py#L219-L234

Those values now are generated by the Charm and are handled as config options. We should move to using juju application-secrets for storing these secrets, to make their handling more secure.

We propose that we currently go with application secrets (and not user secrets) since we would not expect users for now to need to update the credential values of MinIO.

What needs to get done

  1. Convert the secret-key and access-key from config options to application secrets
  2. Keep the logic of autogenerating the values, so MinIO can generate secure ones

For this work though we might need to keep the effort of being compliant with s3-interface #160

Definition of Done

  1. Secrets are used for the sensitive values of MinIO
  2. Spike for exploring if the Charm should generate values by default (we believe yes, but let's get feedback from DP team)
@kimwnasptd kimwnasptd added the enhancement New feature or request label May 2, 2024
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5622.

This message was autogenerated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant