# Implementation Plan: Infisical Secrets Injection InitContainer
## Objective
Ensure that Infisical secrets are injected as **Environment Variables** securely before any main container logic runs in the Argo Workflows steps.
## Requirements
- Use the Infisical Kubernetes operator approach.
- Add the necessary Infisical annotations (e.g., `secrets.infisical.com/auto-reload: "true"`) to the pod metadata templates.
- **Crucial:** Because Argo Workflows pods start quickly, inject an `initContainer` into every task that requires secrets. This initContainer should run a simple polling script (e.g., a loop that checks whether a specific expected environment variable exists) so that the pod's main container does not start until the Infisical mutating webhook has successfully injected the environment variables.
## Agent Instructions
1. Create a reusable snippet or template property for the `initContainer` wait logic.
2. Apply the required Infisical annotations to the `ClusterWorkflowTemplate`'s `podSpecPatch` or task metadata.
3. Document which steps will require which secrets (e.g., DefectDojo API keys, Socket.dev keys).
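
As an added example (not code from this plan, from Argo, or from Infisical), here is the `initContainer` wait logic described in the **Crucial** requirement above and requested as a reusable snippet in step 1, written as a POSIX shell function. The function name `wait_for_secret_var`, its argument order (variable name, timeout in seconds, poll interval in seconds) and the exit codes are assumptions of this example. Two points a practitioner should keep in mind: a container can only observe its own environment, so the injected variable must be present in the initContainer's environment for this check to say anything about the pod; and because the variable name is expanded indirectly, the script validates it as a shell identifier first and logs only the name, never the value.

```shell
#!/bin/sh
# Added example, not code from the plan or from Infisical: block until a named
# environment variable has been injected into *this* container, or fail after
# a timeout so the pod stays in Init instead of starting the main container.
# Assumed interface: wait_for_secret_var VAR_NAME [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Exit status: 0 = variable present and non-empty, 1 = timed out, 2 = bad name.

wait_for_secret_var() {
    var_name="$1"
    timeout="${2:-120}"
    interval="${3:-2}"

    # The name is expanded with eval below, so accept only a valid shell
    # identifier; anything else (spaces, ';', '$', leading digit) is rejected.
    case "$var_name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 2
            ;;
    esac

    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        # Indirect lookup of the variable's current value (empty if unset).
        eval "value=\${$var_name:-}"
        if [ -n "$value" ]; then
            # Log only the name; the value is a secret and stays out of logs.
            echo "ok: $var_name present after ${elapsed}s"
            return 0
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done

    echo "error: $var_name not injected within ${timeout}s" >&2
    return 1
}

# When invoked as a script (e.g. as the initContainer command), pass the
# arguments straight through; with no arguments only the function is defined.
if [ "$#" -gt 0 ]; then
    wait_for_secret_var "$@"
fi
```

In the template, the script can be mounted from a ConfigMap and run as the initContainer's `command`, for example `["sh", "/scripts/wait_secret.sh", "DEFECTDOJO_API_KEY", "120", "2"]` (the path and variable name here are placeholders for whatever step 3 documents). A non-zero exit keeps the pod in the Init phase and surfaces the failure in `kubectl describe pod`, rather than letting the main container start without its secret.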