1

Dear Cumulocity community,

i am developing a microservice for Cumulocity which needs some secret information (private key). One requirement is to store this information in a secure way. Which means encrypted and only access able by the microservice? During my research I found the possibility to define secrets at kubernetes: https://kubernetes.io/docs/concepts/configuration/secret/ Unfortunatly I am not familiar with kubernetes. Do i have the possibility to define secrets by using microservice-package-maven-plugin? Can i use this “secret” at all in Cumulocity? Has someone already used “secretes” in a hosted microservice?

Thank you in advanced, best regards

apes
  • 87
  • 8

1 Answers1

1

Kubernetes secrets aren't all that secret. They're accessible by any administrator, for example. Think of them as being convenient rather than secure.

Once you create a secret in Kubernetes, you can inject it into a pod as an environment variable, or as a file path. Check out the secrets docs and best practices.

If you are running Kubernetes in AWS or GCP, there are better ways, find a way to hook into the csp's key management systems, and you can have much more secure secret data.

Marcin Romaszewicz
  • 929
  • 6
  • 7