Enhanced Secrets Provider
https://developer.cyberark.com/blog/essentials-to-securing-kubernetes-secrets-with-secrets-management/

A few minutes ago we released our next software project. Many thanks to our customer who agreed to publish this project. We added two important features to CyberArk's existing Secrets Provider for Kubernetes.

Fault Tolerance:

The existing Secrets Provider aborts immediately if a secret fails to load. We have implemented a new procedure for this: as soon as the Secrets Provider receives an error during batch retrieval, it queries all secrets individually. If an error occurs for a single secret, the error is passed as the secret value. This procedure facilitates troubleshooting and guarantees a complete run of the Secrets Provider.
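The fallback described above, as an added Go example that is not the project's own code: the `Fetcher` interface, `fakeStore`, the secret ids and the `ERROR: ` prefix are assumptions made for illustration. Because a failed secret ends up holding error text instead of a credential, the function also returns the failed ids so the caller can log or alert on them.

```go
package main

import "fmt"

// Fetcher is a hypothetical stand-in for the backend client (not the project's API).
type Fetcher interface {
	Batch(ids []string) (map[string]string, error)
	One(id string) (string, error)
}

// RetrieveAll tries one batch call. If it fails, each secret is queried on its
// own and a failing one gets the error text as its value, so the run completes.
func RetrieveAll(f Fetcher, ids []string) (map[string]string, []string) {
	if vals, err := f.Batch(ids); err == nil {
		return vals, nil
	}
	out := make(map[string]string, len(ids))
	var failed []string // ids whose value is an error text, for logging/alerting
	for _, id := range ids {
		v, err := f.One(id)
		if err != nil {
			v = "ERROR: " + err.Error() // assumed format, constructed for this example
			failed = append(failed, id)
		}
		out[id] = v
	}
	return out, failed
}

// fakeStore is constructed sample data; any unknown id fails the whole batch.
type fakeStore map[string]string
func (s fakeStore) One(id string) (string, error) {
	if v, ok := s[id]; ok {
		return v, nil
	}
	return "", fmt.Errorf("secret not found: %s", id)
}
func (s fakeStore) Batch(ids []string) (map[string]string, error) {
	for _, id := range ids {
		if _, err := s.One(id); err != nil {
			return nil, err
		}
	}
	return s, nil
}

func main() {
	store := fakeStore{"db/user": "app", "db/pass": "s3cr3t"}
	fmt.Println(RetrieveAll(store, []string{"db/user", "db/missing", "db/pass"}))
}
```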

Retrieval Type:

Our customer requested that secrets no longer have to be defined individually in the k8s_secret attribute, and that a regex or a complete load of all secrets be supported instead. We have implemented this and introduced a new parameter: RETRIEVAL_TYPE.

You can still use regular loading with the value "Single", but you can now also retrieve secrets with "Regex" or "Full".

If the Secrets Provider runs as a sidecar, all secrets are updated regularly and the corresponding retrieval type is used.


All technical information can be found here:

GitHub / https://github.com/itdistrict/enhanced-secrets-provider-for-k8s

Docker / https://hub.docker.com/r/itdistrict/secrets-provider-for-k8s

Shlomo Zalman Heigh

Staff Software Engineer | Security Champion

1 year

Wow, this is awesome! One of the great things about open source. It's gratifying to see someone make improvements and customizations on your project. Keep them coming!