Hi

Config Sync is very much aimed at GCP customers and environments (Anthos). From a security perspective, in my org, k8s secrets are discouraged and use of GCP Secret Manager is a better option.

Yes, there are workarounds such as mounting to k8s via secrets-store-csi-driver.

However, we would like to be able to natively spec a GCP Secret Manager Secret as the source for Git credentials (private key/token) in the RootSync/RepoSync.

Is this on the roadmap, or can it be added, please?
If you're a GKE Enterprise customer, I would suggest submitting a GCP support ticket to request the feature so it routes through our internal tracker and is prioritized accordingly!
Requests from the OSS community are best effort, but I'll forward it to the PM for review anyway.
Direct integration with GCP Secret Manager might be more secure on most Kubernetes environments. However, GKE specifically includes some existing strategies for mitigating much of the risk that may exist in other environments. By default, GCE/GKE VMs already encrypt customer content at rest, including secrets in etcd and on the node. I'm also pretty sure GCE network traffic between VMs is encrypted in transit by the hypervisor. Shielded GKE Nodes, Secure Boot, and Container-Optimized OS can help mitigate many same-node attack vectors. GKE Autopilot can also help you get a lot of these best practices enabled by default, letting GKE manage the nodes altogether. And of course, RBAC can also be customized for least privilege to minimize who or what can access the Secrets from the K8s API. For more details, see https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster
That said, if you found what you think is an actual security risk, please report it to https://g.co/vulnz.
And if you have a suggestion for how the UX might work for a Secret Manager integration, feel free to brainstorm it here.
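As an added illustration of the RBAC least-privilege point above (example manifests written for this thread, not code from the Config Sync project or from either commenter): a RootSync that reads its Git token from a Kubernetes Secret, and a Role/RoleBinding that lets only one named ServiceAccount read only that one Secret. The names `root-sync`, `git-creds`, `git-creds-reader`, `ci-auditor`, the repository URL and the placeholder credential values are assumptions made up for the example; `config-management-system` and the `spec.git.secretRef` / `username` + `token` layout are the ones Config Sync documents for token auth.

```yaml
# Constructed example: Secret holding the Git token that the RootSync reconciler
# reads. In practice this is created out of band (e.g. synced in from Secret
# Manager via secrets-store-csi-driver); the values below are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: git-creds                     # assumed name
  namespace: config-management-system # namespace Config Sync uses for RootSync
type: Opaque
stringData:
  username: git-user                  # placeholder
  token: REPLACE_ME                   # placeholder, never commit a real token
---
# RootSync pointing at the Secret above via secretRef.
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: root-sync                     # assumed name
  namespace: config-management-system
spec:
  sourceFormat: unstructured
  git:
    repo: https://example.com/org/config-repo.git  # assumed repository
    branch: main
    dir: /
    auth: token
    secretRef:
      name: git-creds                 # must match the Secret's metadata.name
---
# Least-privilege Role: "get" on exactly one Secret, nothing else.
# Caveat: resourceNames only constrains verbs that name a single object (get,
# update, patch, delete). Do NOT add "list" or "watch" here; those cannot be
# scoped by name and would expose every Secret in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: git-creds-reader              # assumed name
  namespace: config-management-system
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["git-creds"]
  verbs: ["get"]
---
# Bind the Role to one specific ServiceAccount rather than to a group or to
# system:authenticated, so the set of principals that can read the token
# stays enumerable.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: git-creds-reader
  namespace: config-management-system
subjects:
- kind: ServiceAccount
  name: ci-auditor                    # assumed ServiceAccount that needs read access
  namespace: config-management-system
roleRef:
  kind: Role
  name: git-creds-reader
  apiGroup: rbac.authorization.k8s.io
```

To check the binding does what you expect, `kubectl auth can-i get secret/git-creds -n config-management-system --as=system:serviceaccount:config-management-system:ci-auditor` should answer `yes`, while the same query for `list secrets` (or for `get` on any other Secret name) should answer `no`. Note that this only narrows API-server access; a principal with `pods/exec` or node access in that namespace can still reach the mounted credential, which is the gap the hardening guide's node-level controls are meant to cover.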
karlkfi changed the title from "Add support for Google Secret Manager for git secret" to "Feature Request: Add support for Google Secret Manager for git secret" on Jan 24, 2025