This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

Document how to rotate generated secrets #703

Open
jandubois opened this issue Apr 16, 2020 · 6 comments
Labels: good first issue; Priority: Medium; Size: 5; Status: Accepted; Status: Blocked; Type: Documentation

Comments

@jandubois
Member

There is a documentation page for it already: https://github.com/cloudfoundry-incubator/kubecf/blob/master/doc/secret_rotation.md

However, it only documents how to rotate the database encryption key, which is just one subtopic of rotating all the secrets in the cluster.

The rotation of generated secrets will have to be managed by cf-operator, but we need documentation about how to trigger it.

@jandubois jandubois added the Type: Documentation Improvements or additions to documentation label Apr 16, 2020
@fargozhu fargozhu removed their assignment May 22, 2020
@fargozhu fargozhu added Priority: Medium Status: Accepted This issue will be implemented in a near future labels May 22, 2020
@viovanov
Member

viovanov commented Jun 4, 2020

There should be a script (like a one-liner) to perform rotation for all secrets all at once.

@fargozhu fargozhu self-assigned this Jun 5, 2020
@fargozhu fargozhu removed their assignment Jun 18, 2020
@fargozhu fargozhu added this to the jumanji milestone Jul 8, 2020
@viovanov
Member

viovanov commented Sep 2, 2020

@fargozhu fargozhu added the good first issue Good for newcomers label Sep 2, 2020
@mook-as
Contributor

mook-as commented Sep 4, 2020

@jandubois Is this already done by #854? That documented how to rotate a QuarksSecret. It doesn't contain a script to rotate all secrets, though.

@viovanov
Member

viovanov commented Sep 8, 2020

@mook-as I don't think that's enough, and a sample script should be part of this.

@fargozhu fargozhu removed the suse-cap label Sep 8, 2020
@mook-as mook-as self-assigned this Sep 15, 2020
@mudler
Member

mudler commented Sep 16, 2020

Can we please avoid documenting this inside the kubecf repo, and put it on https://kubecf.suse.dev/ instead? It sounds more like user-facing docs.

@mook-as
Contributor

mook-as commented Sep 16, 2020

Yep, this will be an update to https://github.com/cloudfoundry-incubator/kubecf-docs/blob/master/content/en/docs/Tasks/secrets.md

But to make it reasonable for the user, I'll attempt to make a QuarksJob to automate the rotate-all-secrets case, and tell the user to trigger that instead.

@fargozhu fargozhu added this to the 2.6.0 milestone Oct 11, 2020
@mook-as mook-as added the Status: Blocked Dependencies on other issues and/or pull requests label Oct 20, 2020
@fargozhu fargozhu modified the milestones: 2.6.0, 2.7.0 Oct 21, 2020
@jandubois jandubois removed this from the 2.7.0 milestone Mar 16, 2021