IIUC, your assumptions are all correct. @Kapil, could you please confirm? Maybe we could improve the document at the next Docathon.
Gilbert

On Thu, Apr 19, 2018 at 10:57 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:

> Hello,
>
> We at Uber plan to use volume/secret isolator to send secrets from Uber
> framework to Mesos agent.
>
> For this purpose, we are referring to these documents:
>
> - File based secrets design doc
>   <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#>
>   and slides
>   <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>.
> - Apache Mesos secrets documentation
>   <http://mesos.apache.org/documentation/latest/secrets/>
>
> Could you please confirm that the following assumptions are correct?
>
> - Mesos agent and master will never log the secret data at any logging
>   level;
> - Mesos agent and master will never expose the secret data as part of
>   any API response;
> - Mesos agent and master will never store the secret in any persistent
>   storage, but only on tmpfs or ramfs;
> - When the secret is first downloaded on the mesos agent, it will be
>   stored as "root" on the tmpfs/ramfs before being mounted in the
>   container ramfs.
>
> If above assumptions are true, then I would like to see them documented in
> this as part of the Apache Mesos secrets documentation
> <http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd
> like to have a design discussion with maintainer of the isolator.
>
> We appreciate your help regarding this. Thanks!
>
> Regards,
> Aditya And Zhitao