RustFS recently added support for specifying access_key and secret_key via files instead of environment variables (rustfs/rustfs#1814). This is more secure as env vars can leak through /proc//environ or debug endpoints.
Currently the chart only supports secrets as env vars (secret.existingSecret / secret.rustfs.access_key). There's no way to mount a secret as a file and reference it via the new key file flags.
It would be great to have either:
extraVolumes / extraVolumeMounts support (general-purpose), or
a dedicated secret.keyFile option that mounts the existing secret as files and passes the appropriate flags
This would allow Kubernetes users to leverage the key file feature from #1814 without patching the chart.
RustFS recently added support for specifying access_key and secret_key via files instead of environment variables (rustfs/rustfs#1814). This is more secure as env vars can leak through /proc//environ or debug endpoints.
Currently the chart only supports secrets as env vars (secret.existingSecret / secret.rustfs.access_key). There's no way to mount a secret as a file and reference it via the new key file flags.
It would be great to have either:
extraVolumes / extraVolumeMounts support (general-purpose), or
a dedicated secret.keyFile option that mounts the existing secret as files and passes the appropriate flags
This would allow Kubernetes users to leverage the key file feature from #1814 without patching the chart.