►
From YouTube: Secrets Store CSI Community Meeting - 2022-06-09
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hey
everyone
welcome
to
the
secret
story.
Csi
driver
community
call
today
is
june
9
2022.
This
call
falls
under
the
cncf
code
of
conduct.
It
will
be
recorded
and
also
published
to
youtube.
Please
add
yourself
to
the
attendee
list.
If
you
already
haven't,
I
will
help
moderate
the
call
today.
Anyone
else
wants
to
take
notes.
A
Cool,
I
think
we
have
a
very
small
agenda,
so
dan's
going
to
talk
about
the
sync
option,
pia
that
he
has
open.
So
he
wants
to
talk
about
it
and
then
also
go
through
an
example
that
he
has
so
again
throws
yours.
C
Okay,
so
I
am
on
my
work
laptop
and
it's
making
me
do
system
preferences
so
just
to
avoid
having
to
back
out
of
the
meeting
and
reopen
it.
I
guess
we
can
just
look
at
your
screen.
Initial
okay.
C
C
C
So
if
we
go
scroll
down
a
bit
to
the
examples
and
then
just
open
up
the
opaque
example
in
the
configuration
this
is,
I
put
a
little
extra
here
just
to
demonstrate
the
functionality,
but,
let's
scroll
down
just
a
little
bit,
yeah,
that's
good,
but
ultimately
like
what
we're
trying
to
do
is
make
it
so
that
the
user
doesn't
have
to
specify
a
path
for
for
every
secret
so
with
the
vault
provider.
Specifically,
if
you
don't
specify
a
secret
key
for
an
object
in
the
dot
spec.parameters.objects.
C
List
then
it
mounts
the
full
json
object
that
we
saw
before
with
the
data.datapath,
and
with
this
feature
we
could
use
sync
options
to
target
that
path
so,
and
it
goes
based
on
a
hierarchy.
C
C
A
C
A
Right,
but
when
they
actually
mount
do
they
extract
like
do
they
take
individual
keys
from
the
json
and
write
as
separate
files
like
if
there
is
a
json
blob
which
says
username
is
this
and
password
is
this?
Do
you
know
if
the
aws
templating
does
that
split
it
and
pass
it
as
two
different
files.
C
So
it's
been
a
while,
since
I
looked
at
the
aws
one,
so
what
I
know
from
vault
is
that
if
you
specify
a
secret
key
in
the
objects
list
in
the
parameters,
then
it'll
target
each
of
those
keys
individually.
So
it
like
it
does
a
loop
and
it
requests
those
specific
key
value
pairs
and
then
mounts
it
as
a
plain
text
file
and
when
you
don't
have
the
secret
key,
it
mounts
the
full
json
object
for
that
path
that
you
specify.
C
I
just
remember
that
they
had
their
own
solution
for
targeting
key
value
pairs
and
json
objects
with
their
own
provider,
but
this
is
supposed
to
like
make
it
so
that
the
driver
handles
that
for
all
for
all
secrets:
managers
right.
I'm
sorry.
A
I
I
can
see
this
one,
the
sync
options,
as
I
did
specifically
for
syncing
as
kubernetes
secret
right,
I'm
just
curious
to
see
if
there
is
a
scenario
where
users
also
want
the
files
that
those
are
returned
to
be
each
individual
file.
So
if
it's
a
json,
they
want
us
to
extract
it
like,
and
I'm
curious,
if
aws
is
actually
doing
that
today.
C
B
I
I
have
one
question
like
and
maybe
an
instrument,
but
so
when
so
I'm
curious
or
actually
I'm
sort
of
trying
to
understand
how
driver
sort
of
parses
the
responses
from
a
different
provider.
So,
for
example,
are
we
expect,
let's
say
vault
and
aws
to
return
a
similar
type
of
response,
for
example,
similar
type
of
response
hierarchy,
for
example
like?
Is
it
dot
data
dot
data
for
everything?
Or
is
it
something
that
we
specific
find
a
driver?
And
I
mean
when
we
specify
in
the
driver?
B
We
expect
to
know
that
this
is
how
the
provider
is
gonna,
return
it
and
then-
and
that's
why
this
is
the
path.
C
B
No
so
yeah,
I
think
I
think
in
a
nutshell,
probably
what
we
can
say
is:
when
user
writes
secret
provider
class,
they
are
expected
to
know
what
response
they
are
expecting
from
the
provider
and
then
specify
the
path
accordingly.
A
B
A
B
B
Yeah,
I
I
think
it
is
probably
for
the
extraction
you
need
to
check
again.
A
Yeah,
I
think
aws
is
the
one
that
currently
supports
like
all
of
it.
So
maybe
we
can
see
what
they're
doing
and
if
we
can
address
that
here
and
then
we
can
also
see
if
what
other
issues
have
been
opened
in
other
providers.
Regarding
this
part
and
then,
if
it's
all
only
for
sync,
when
it
is
secret,
then
I
think
that's
fine,
but
if
users
are
also
requesting
for
mount,
then
maybe
we
can
extend
this
for
that
as
well
like
with
templating.
A
B
B
C
A
A
Yeah,
the
post
submit,
looks
good.
A
A
B
A
A
User,
who
requested
for
it
also
is
using
the
gcp
plugin,
so
correct,
yep,
okay,
I
think
that's
it
pretty
much
anything
else
that
you
all
want
to
discuss.
D
D
Yeah,
I
think
I'm
gonna,
probably
phil,
is
probably
gonna
roll
off
of
these
calls,
starting
with
the
next
one
and
I'll
I'll.
Just
help
facilitate
wherever
is
needed.
A
Yeah
and
so
like
we
are
planning
the
1.2
release
next
week
and
then
post
or
two
we
will
do
the
planning
for
one
or
three
like
so
right
now
in
terms
of
planning.
It's
just
some
of
us
folks
getting
on
zoom
call
and
doing
it,
but
we
can
do
like
a
formal
planning
process
like
once.
The
1.2
release
is
complete,
like.
B
A
I
think
that's
it.
Thank
you.
Everyone
for
joining.
We
will
meet
again
in
two
weeks.
I
think
on
23rd.