Container secret mounts » History » Version 1

Tom Clegg, 02/27/2018 08:17 PM

1 1 Tom Clegg
h1. Container secret mounts
2 1 Tom Clegg
3 1 Tom Clegg
"secret_mounts" (?) behave just like mounts, except:
4 1 Tom Clegg
* Only literal content is allowed (text, json)
5 1 Tom Clegg
* Value of secret_mounts is never returned in a container request or container API response, except a new "containers#secrets" API which must be authenticated by the container's own runtime token
6 1 Tom Clegg
* Never appears in container logs
7 1 Tom Clegg
* Never appears in the Arvados logs table
8 1 Tom Clegg
* Never appears in websocket updates
9 1 Tom Clegg
* Never appears in API server request logs
10 1 Tom Clegg
11 1 Tom Clegg
It is an error for the same key (mount path) to appear in both mounts and secret_mounts.