Description
Summary
Hey... if this is already possible sorry, could not figure out from the docs a way to do this.
What I would like to achieve is a way to leverage a credential across multiple secrets, with those secrets each containing that credential (among other details).
Use cases
My personal use case for this would be configuring ArgoCD repositories. This can be done declaratively using K8s manifests as follows:
apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: git@github.com:argoproj/my-private-repository
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
In this case, the only thing that I would like the 1Password operator to manage is the sshPrivateKey. Everything else, I would like to not only declare normally, but would like to be able to reuse the sshPrivateKey across many manifests.
At the moment, it seems like the only supported approach would be instead for me to create N 1Password entries (1 per repository), and store info like url within the 1Password secret.
Proposed solution
This is just spitballing, but perhaps something like this:
apiVersion: onepassword.com/v1
kind: ConstructedOnePasswordItem
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: "git"
  url: "git@github.com:argoproj/my-private-repository"
1passwordStringData:
  sshPrivateKey: "vaults/Infrastructure/items/ArgoGitCreds/ssh_private_key"
Is there a workaround to accomplish this today?
Not that I'm aware of, and regardless this particular example is blocked on the inability to write to stringData as mentioned here #127
References & Prior Work
N/A