ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebd29176d06d8aa81b774c986fd821d3a8f25219
agentguard-ci/docs/plans/phase1-step3-infisical-init.md
T
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

1.1 KiB
Raw Blame History

Implementation Plan: Infisical Secrets Injection InitContainer

Objective

Ensure that Infisical secrets are injected as Environment Variables securely before any main container logic runs in the Argo Workflows steps.

Requirements

  • Use the Infisical Kubernetes operator approach.
  • Add the necessary Infisical annotations (e.g., secrets.infisical.com/auto-reload: "true") to the pod metadata templates.
  • Crucial: Because Argo Workflows pods start quickly, inject an initContainer into tasks that require secrets. This initContainer should run a simple polling script (e.g., a loop checking if a specific expected environment variable exists) to pause the pod's main container execution until the Infisical mutating webhook has successfully injected the environment variables.

Agent Instructions

  1. Create a reusable snippet or template property for the initContainer wait logic.
  2. Apply the required Infisical annotations to the ClusterWorkflowTemplate's podSpecPatch or task metadata.
  3. Document which steps will require which secrets (e.g., DefectDojo API keys, Socket.dev keys).
Reference in New Issue View Git Blame Copy Permalink