Expected Behavior
I'd like an option to pass secret values as files when appending _FILE after the current environment variable used for the value.
This behavior is consistent with other images such as MySQL, PostgreSQL (see the docker secrets section in the readme files for both).
Related to: apache/couchdb-helm#140
Current Behavior
Currently, the secret values can only be passed through environment variables which can be problematic when benchmark/scanner tools are used, see: https://avd.aquasec.com/compliance/kubernetes/cis-kubernetes-benchmarks-v1.23-1.23/5.4.1/ or bind mounts.
Enabling the _FILE option would allow for a cleaner implementation in the chart and is consistent with other official docker image behavior.
Possible Solution
The docker entry point could be updated to use COUCHDB_ADMIN_USER_FILE, COUCHDB_SECRET_FILE etc environment variables which have the path to a file holding the actual secret value.
Expected Behavior
I'd like an option to pass secret values as files when appending
_FILEafter the current environment variable used for the value.This behavior is consistent with other images such as MySQL, PostgreSQL (see the docker secrets section in the readme files for both).
Related to: apache/couchdb-helm#140
Current Behavior
Currently, the secret values can only be passed through environment variables which can be problematic when benchmark/scanner tools are used, see: https://avd.aquasec.com/compliance/kubernetes/cis-kubernetes-benchmarks-v1.23-1.23/5.4.1/ or bind mounts.
Enabling the
_FILEoption would allow for a cleaner implementation in the chart and is consistent with other official docker image behavior.Possible Solution
The docker entry point could be updated to use
COUCHDB_ADMIN_USER_FILE,COUCHDB_SECRET_FILEetc environment variables which have the path to a file holding the actual secret value.