Hey, For production-ready deployment, how do you manage permissions for developers? Since Flyte does not support RBAC, I’m curious to understand how domains (development, staging, production) are separated in a secure way, not just logically. Thanks!

For public reference: https://docs.flyte.org/projects/cookbook/en/latest/auto/core/containerization/use_secrets.html#configuring-a-secret-management-system-plugin In summary: K8s secrets is the default (but not the only) secrets provider.

When using the K8s secret manager plugin, which is enabled by default, the secrets need to be available in the same namespace as the task execution (for example

flytesnacks-development

). K8s secrets can be mounted as either files or injected as environment variables into the task pod, so if you need to make larger files available to the task, then this might be the better option.

Furthermore, this method also allows you to have separate credentials for different domains but still using the same name for the secret.

Amazing! Thank u!