Secret management without garden cloud?
# 🌱|help-and-getting-started
Hæhæ! Currently assessing an adoption of garden to streamline a thing or two in my cluster. I've been unable grasp how to pass secrets to container modules after surfing the documentation and hitting a "page not found" ( in the FAQ. Has it become a 'cloud only' feature or is it still something that's possible with garden core? I don't have a team of developers to manage(yet🤞 ) so secret management on the cloud level isn't really needed in my use case.
Well well, went a little detour through to find the page it used to link to and kinda answered my own question:
But to make my hassle constructive and give some feedback I'd like to point out that I hit quite a few broken links in the documentation while doing my research. But otherwise it's very easy to adopt for someone like me, with "autodidact" experience of Devops.🖱️
HI @careful-evening-79580, welcome to the Garden Party 🪴 (that's dumb please don't quote me 🥲 ) We recently did a docs overhaul, which is why you're likely to find these broken links. The first link you link to actually resolves for me, however.
Are you able to get by with plain ol' Kubernetes secrets and referencing them via the container module?
Thank you so much for the constructive feedback. @careful-evening-79580, As you might have found already there is a really easy way to reference secrets using the env vars. Which you can get either from your ENVIRONMENT or from a garden.env file, the first is really useful in CI envs as you can easily export those secrets to the ENV and Garden will be able to pick up passing them in your values (inside container module). It would look something like this:
Copy code
kind: Module
name: your-api
  - name: your-api-service
      THIS: ${var.THIS} # this will look in your garden.env or variables object
      THAT: ${local.env.THAT} # This will go actually look to your exported env vars in bash
I use a lot the second option to store things like API Tokens or stuff that I don't want to have in a plain text file but rather exported in my ENV. --- Also you can have K8s secrets applied and just reference them according to the
container module
Hehe thanks! Garden Party🤔 sounds familiar: (

nice song! ❤️
I'll certainly be able to get by with the more "hands in the dirt" approach for now, but hats off for nice monetization of the cloud secret management, it's definately a feature that will be needed for me down the road. Great possibility to know of!
Thank you @bright-policeman-43626! The second option I was not aware of, I'll definately be adopting that.
My pleasure, hopefully that works for you! Feel free to reach out again if you have any further questions about it! ❤️
Hæ Ýmsi! Appreciate the Mezzoforte link. Our dream is to one day get them to play Garden Party at a Garden garden party. That's why secrets are paywalled, it won't be cheap. Jokes aside though, were the broken docs link in the docs proper, or on our website or GitHub? Want to make sure we track them all down 🙂