# Implementation Plan: Infisical Secrets Injection InitContainer

## Objective

Ensure that Infisical secrets are injected as **Environment Variables** securely before any main container logic runs in the Argo Workflows steps.

## Requirements

- Use the Infisical Kubernetes operator approach.
- Add the necessary Infisical annotations (e.g., `secrets.infisical.com/auto-reload: "true"`) to the pod metadata templates.
- **Crucial:** Because Argo Workflows pods start quickly, inject an `initContainer` into tasks that require secrets. This initContainer should run a simple polling script (e.g., a loop checking if a specific expected environment variable exists) to pause the pod's main container execution until the Infisical mutating webhook has successfully injected the environment variables.

## Agent Instructions

1. Create a reusable snippet or template property for the `initContainer` wait logic.
2. Apply the required Infisical annotations to the `ClusterWorkflowTemplate`'s `podSpecPatch` or task metadata.
3. Document which steps will require which secrets (e.g., DefectDojo API keys, Socket.dev keys).
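
One way to write the `initContainer` wait logic from Agent Instruction 1, as an added example that is not part of the original plan or of Infisical's own code. The function name `wait_for_env`, the tuning variables `WAIT_TIMEOUT` and `WAIT_INTERVAL`, and the secret names in the usage comment are hypothetical; the loop is bounded so a missing secret fails the pod instead of hanging it, and it never prints secret values.

```shell
#!/bin/sh
# Added example: bounded wait for required environment variables.
# Hypothetical usage inside the initContainer:
#   wait_for_env DEFECTDOJO_API_KEY SOCKET_API_KEY
# WAIT_TIMEOUT / WAIT_INTERVAL (seconds) are assumed tuning knobs, not Infisical settings.

wait_for_env() {
    timeout="${WAIT_TIMEOUT:-60}"
    interval="${WAIT_INTERVAL:-2}"
    elapsed=0

    while :; do
        missing=""
        for name in "$@"; do
            # Accept only valid variable names so the eval below cannot run
            # anything other than a plain variable lookup.
            case "$name" in
                ''|[0-9]*|*[!A-Za-z0-9_]*)
                    echo "wait_for_env: invalid variable name" >&2
                    return 2
                    ;;
            esac
            # POSIX sh has no ${!name}; indirect lookup via eval on a validated name.
            eval "value=\${$name:-}"
            [ -n "$value" ] || missing="$missing $name"
        done
        unset value  # do not keep a secret value in a scratch variable

        if [ -z "$missing" ]; then
            # Log names only, never values.
            echo "wait_for_env: all required variables present" >&2
            return 0
        fi
        if [ "$elapsed" -ge "$timeout" ]; then
            echo "wait_for_env: timed out, still missing:$missing" >&2
            return 1
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
}
```

A container's environment is fixed when the container starts, so the timeout branch is the one that fires when injection has not happened. Its non-zero exit fails the init container, which keeps the main container from starting without its secrets.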