Camunda helm command for connectors secrets

gevezex · April 18, 2024, 7:06am

Hi Guys,

I am trying to incorporate hashicorps vault secrets in camunda connectors what is self managed via the camunda helm charts. I was able to mount a file (/secrets/secrets.txt) with all my secrets in it with content like:

MY_FIRST_SECRET="secret1"
MY_SECOND_SECRET="secret2"
...

One of the the values of the values.yml of the helm chart is:

connectors:
  command: []

And I changed it to:

connectors:
  command:
    - "/bin/bash"
    - "-c"
    - "export $(sed 's/^/export /' /secrets/secrets.txt) && /start.sh"

Of course with the knowledge that camunda connectors docker image is using the entrypoint /start.sh

So my question is, how reliable is this solution as we don’t know if camunda connectors will be using that same entrypoint in the future?

sbuettner · April 23, 2024, 12:15pm

Hi @gevezex thanks for your question. Your solution will be supported in the future. But we would be interested in your requirements. Would you like to see native file based secret support or are you looking for an integration with HashiCorp Vault?

gevezex · April 24, 2024, 3:21pm

I would be happy if I could have a file in the container with all the secrets. Because i can easily do that with hashicorps vault. It is not important that hashicorps vault is supported because I don’t want to be dependent on a specific product (in this case hashicorp). Native k8s objects are sufficient.