environment variables in curly brackets are interpreted as secrets

environment variable within curly brackets are interpreted as a secret

we use a environment variable `${CREDHUB_POSTGRES_HOST}` in our secret template +stringdata
see how we use it here. 
https://github.com/cloudfoundry/bosh-community-stemcell-ci-infra/blob/main/config/credhub/secrets.yml#L77


a small example:
```
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
  name: new-secret
spec:
  #! list of resources to read information off
  inputResources:
  - name: username-secret
    ref:
      apiVersion: v1
      kind: Secret
      name: username
  template:
    stringData:
      application.yml: |
        foo: bar
        address: "${CREDHUB_POSTGRES_HOST}"
```

secretgen controller is spitting out the following error
```
insertId: "mb8yqauemnbi5zgs"
jsonPayload: {
error: "templating stringData: unrecognized identifier CREDHUB_POSTGRES_HOST"
level: "error"
logger: "controller.sg-template"
msg: "Reconciler error"
name: "credhub-config"
namespace: "concourse"
stacktrace: "sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	sigs.k8s.io/controller-runtime@v0.10.3/pkg/internal/controller/controller.go:227"
ts: 1660813208.7108898
}
labels: {5}
logName: "projects/cloud-foundry-310819/logs/stderr"
receiveTimestamp: "2022-08-18T09:00:15.000212012Z"
resource: {2}
severity: "ERROR"
timestamp: "2022-08-18T09:00:08.711057208Z"
}
```

see discussion at 
https://kubernetes.slack.com/archives/CH8KCCKA5/p1660856228615859?thread_ts=1660813747.061909&cid=CH8KCCKA5

secretgen v0.10.3



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

environment variables in curly brackets are interpreted as secrets #102

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development