Currently, the API token is specified as a string literal in PSOPlugin object in purestorage.com/v1.
Since we check in all cluster objects in a git repository, this would mean that we have to expose the token to everyone who has read permission to the repository. This is not very secure.
Kubernetes secret is designed for managing sensitive information, and there are many options to allow us to safely version control secrets in git in encrypted form.
Can we allow the token to be referenced as a, for example, v1.SecretKeySelector?
Currently, the API token is specified as a string literal in
PSOPluginobject inpurestorage.com/v1.Since we check in all cluster objects in a git repository, this would mean that we have to expose the token to everyone who has read permission to the repository. This is not very secure.
Kubernetes secret is designed for managing sensitive information, and there are many options to allow us to safely version control secrets in git in encrypted form.
Can we allow the token to be referenced as a, for example, v1.SecretKeySelector?