Hello,

We at Uber plan to use volume/secret isolator to send secrets from Uber
framework to Mesos agent.

For this purpose, we are referring to these documents:

   - File based secrets design doc
   <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#>
   and slides
   <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>.
   - Apache Mesos secrets documentation
   <http://mesos.apache.org/documentation/latest/secrets/>

Could you please confirm that the following assumptions are correct?

   - Mesos agent and master will never log the secret data at any logging
   level;
   - Mesos agent and master will never expose the secret data as part of
   any API response;
   - Mesos agent and master will never store the secret in any persistent
   storage, but only on tmpfs or ramfs;
   - When the secret is first downloaded on the Mesos agent, it will be
   stored as "root" on the tmpfs/ramfs before being mounted in the container
   ramfs.

If the above assumptions are true, then I would like to see them documented
as part of the Apache Mesos secrets documentation
<http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd
like to have a design discussion with the maintainer of the isolator.

We appreciate your help regarding this. Thanks!

Regards,
Aditya And Zhitao
