-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Provide a secure storage for policy headers #86
Comments
I get the use case here. The key name for the annotation isn't sitting well with me, though. Currently we take whatever is after
2c seems at least workable to me. Are there other models I'm not thinking of? |
Moving this issue to the Pomerium Ingress Controller (docs). See deprecation notice for more info. |
Currently
pomerium-operator
doesn't provide a secure way to store policyset_request_headers
key.Maybe it makes sense to add a new annotation like:
which will point at the existing secret in the same namespace as the ingress/service. The secret will contain the sensitive bits of a policy like headers or a client certificate.
Example secret:
I can help with the implementation if it sounds like a good idea.
The text was updated successfully, but these errors were encountered: