-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure handling of secrets #7
Comments
Hi @alecor191, I think there are two solutions (that are not exclusive):
|
Thanks @mautini! For the first option the Helm chart would have to be updated, right? As I believe currently it doesn't support providing references to K8S secrets. The second recommendation is for sure a viable option. For us it's just a bit overkill to set up Helm secrets plugin just for Langfuse (we don't have the need for it on any other Helm chart we use in our clusters). |
Yes, the first option needs an MR. Actually if you keep the same name for the secrets you just have an option to not generate the secrets via the helm chart, no need to set up custom ref. |
I encountered the same issue. |
I make PR. |
Allowing for config variables and secrets to (also) be consumed from ConfigMaps or Secrets is also important to integrate with e.g. PostgreSQL-Operators (e.g. https://cloudnative-pg.io/). These operators usually auto-magically provide these when creating the PostgreSQL instance or cluster (for Langfuse), so there is
|
I understand that the Helm chart takes secrets, like the DB password, and stores them in a K8S secret. However, as we have to pass it to the chart as value, users can call
helm get values langfuse
to retrieve all values provided at the time of installation.Here what I get when running the mentioned command on a
langfuse
Helm release:Do you have any thoughts on the topic resp. are there other ways that could be considered to provide secrets (e.g. by providing name/key of a secret in an existing K8S
Secret
)?The text was updated successfully, but these errors were encountered: