IDSA keys storage in k8s secrets

[c0c0n3]

At the moment both pub and private keys sit in the adapter config. While it's okay for the pub key to be there, we should find a better home for the private key---think raising the bar for security. Figure out if Istio Citadel could help here or should we rather use K8s secrets/tmpfs volumes? Any other options?

The advantage of adapter config storage is access speed and caching. We should consider these two factors too when scratching around for a solution.

[chicco785]

step 0 secret, then if resource allows i would investigate citadel

[gboege]

I would go for the more docker/k8s solution. To make it easier to understand in the first run. If we face performance issues, we should have it in mind.

[c0c0n3]

If my memory serves me well, K8s secret volumes get mounted on a tmpfs which is normally RAM- backed. So key look up should be darn fast...well, at least that's the theory, time will tell :-)