Good to learn, thanks. But I agree more with those who suggest binding key/secret rotation to config versions (= you can only delete an old secret after all pods using it have been redeployed to the next version with the new config).
Another approach that is sometimes supported is to use a proxy that handles secret-based connections, like a MySQL pod proxy that you connect to, which takes care of reconnecting to its upstream on secret change.
Both are transparent to the app pod (and its developers).