MongoDBUser new feature to retrieve user and password from a secret
Hi! I hope you are doing well.
We would like to have an option in the "MongoDBUser" Custom Resource to reference a Kubernetes secret with user and password instead of only "spec.passwordSecretKeyRef". For us, it's also important to save the user MongoDB in a secret as well and don't pass the user through commands(helm).
Basically, we would like to perform the following steps:
- Create a secret in GCP Secret Manager with MongoDB's user/password.
- Recover the secret using the "External Secrets tool" running in Kubernetes.
- Refer only one secret with user/password in the "MongoDBUser" custom resources as we are doing currently for "spec.passwordSecretKeyRef"...
- The operator will use one secret to retrieve the user and the password.
As we mentioned for security reasons we would like to have the user as a secret as well.
Example:
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
name: example-database-user
spec:
secretKeyRef:
name: mongodb-user-password-kubernetes-secret
usernameKey: username
passwordKey: password
apiVersion: v1
kind: Secret
data:
username: Y3VzdG9tZXIx
password: Y3VzdG9tZXIx
-
Marcos Aranda Lucas commented
Does anyone want this feature?