cameleer/cameleer-saas
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 5 (original) — Secrets: DEFERRED #27

New Issue
Open
opened 2026-03-30 09:24:04 +02:00 by claude · 0 comments
claude commented 2026-03-30 09:24:04 +02:00
Owner
Copy Link

Status: DEFERRED

Architecture decision (2026-04-04): Secrets management is deferred. Docker deployments use environment variables + mounted files. K8s deployments use K8s Secrets. HashiCorp Vault integration is enterprise-tier complexity — defer until customer demand exists. See docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md.

Original Scope

Secrets management for customer Camel application configuration. Per-environment scoping, rotation, vault integration.

Current Approach

  • Docker: Environment variables + mounted secret files (simple, air-gapped compatible)
  • K8s: K8s Secrets (native, well-understood)
  • Vault: Deferred until enterprise customers demand it

When to Revisit

  • When an enterprise customer requires external vault integration
  • When SOC 2 audit specifically flags secret rotation gaps

PRD Reference

Section 8 (Secrets Management)
Superseded by: docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md

## Status: DEFERRED > **Architecture decision (2026-04-04):** Secrets management is deferred. Docker deployments use environment variables + mounted files. K8s deployments use K8s Secrets. HashiCorp Vault integration is enterprise-tier complexity — defer until customer demand exists. See `docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md`. ## Original Scope Secrets management for customer Camel application configuration. Per-environment scoping, rotation, vault integration. ## Current Approach - **Docker:** Environment variables + mounted secret files (simple, air-gapped compatible) - **K8s:** K8s Secrets (native, well-understood) - **Vault:** Deferred until enterprise customers demand it ## When to Revisit - When an enterprise customer requires external vault integration - When SOC 2 audit specifically flags secret rotation gaps ## PRD Reference Section 8 (Secrets Management) Superseded by: `docs/superpowers/specs/2026-04-04-dual-deployment-architecture.md`
claude added the phase-5secrets labels 2026-03-30 09:24:46 +02:00
claude changed title from Phase 5: Secrets + Config Management to Phase 5 (original) — Secrets: DEFERRED 2026-04-04 14:40:17 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
auth
Identity, authentication, OIDC, RBAC
 billing
Billing, metering, and Stripe integration
 day-1
Required for initial launch
 epic
Top-level epic grouping related issues
 future
Planned for future release
 infra
Infrastructure, GitOps, K8s orchestration
 licensing
License module and feature gating
 networking
Network isolation, VPN, tenant separation
 observability
Observability integration (cameleer3-server)
 ops
Platform operations and self-monitoring
 phase-1
Phase 1: Foundation + Auth
 phase-2
Phase 2: Tenants + Licensing
 phase-3
Phase 3: Runtime Orchestration + Environments
 phase-4
Phase 4: Observability Pipeline + Inbound Routing
 phase-5
Phase 5: K8s Operational Layer
 phase-6
Phase 6: Billing + Metering
 phase-7
Phase 7: Billing + Metering
 phase-8
Phase 8: Security Hardening + Self-Monitoring
 phase-9
Phase 9: Frontend (React Shell)
 platform
SaaS management platform
 runtime
Camel application runtime
 secrets
Secrets management and vault integration
 security
Security, compliance, SOC 2, audit
 task
Implementation task within a phase
No Label phase-5 secrets
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-saas#27
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?