Does Flyte support secret rotation? We're running...
# flyte-support
c
Does Flyte support secret rotation? We're running Flyte on AWS EKS, and using AWS Secrets Manager to manage our secrets. Secrets get synchronised to the cluster at regular intervals using the External Secrets operator. Rotating secrets is one of my preferred ways to limit exposure if and when we have a secret leak. By default Kubernetes will track secrets mounted as a volume and rotate the dependents, so that's what we tend to do with our deployments. For instance, when our database password rotates, we predictably get 500 failures as each of the components (flytepropeller, flytescheduler, flyteadmin ...) can't log in to the database. A workaround is to kill all the pods in the Flyte namespace when that rotation occurs, but ideally I'd like Flyte to rotate if the config is stale. If it currently supports it, great; if not, I'll look to raise an issue and a PR for it.
a
Hey Emlyn. Currently, Flyte's cluster resource manager can be used to manage cluster-scoped resources but not to automate rollouts on secrets mutation. That'd need to be handled by an external controller.
BTW in Union this is not an issue for the DB layer. For services you'd need to use mounted secrets and rotate the mount.
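An added example, not part of the thread and not Flyte's own code: the decision logic an external controller of the kind mentioned above could run after each External Secrets sync, using the common checksum-annotation pattern to roll only the Deployments whose referenced Secret changed. The annotation key, the Secret name and the sample manifests are hypothetical and constructed for illustration.

```python
import hashlib
import json

ANNOTATION = "example.com/secret-checksum"  # hypothetical annotation key

def secret_checksum(secret: dict) -> str:
    """Stable SHA-256 over a Secret's data map (values stay base64, never decoded)."""
    canonical = json.dumps(secret.get("data", {}), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def mounted_secret_names(deployment: dict) -> set:
    """Names of Secrets the pod template references via volumes, env or envFrom."""
    pod = deployment["spec"]["template"]["spec"]
    names = {v["secret"]["secretName"] for v in pod.get("volumes", []) if "secret" in v}
    for c in pod.get("containers", []):
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                names.add(ref["name"])
        for ef in c.get("envFrom", []):
            if "secretRef" in ef:
                names.add(ef["secretRef"]["name"])
    return names

def rollout_patches(secrets: dict, deployments: list) -> dict:
    """Return {deployment name: strategic-merge patch} for Deployments with a stale checksum."""
    patches = {}
    for d in deployments:
        used = sorted(mounted_secret_names(d) & set(secrets))
        if not used:
            continue  # Deployment references none of the tracked Secrets
        digest = hashlib.sha256("".join(f"{n}={secret_checksum(secrets[n])};" for n in used).encode()).hexdigest()
        meta = d["spec"]["template"].get("metadata", {})
        if meta.get("annotations", {}).get(ANNOTATION) != digest:
            patches[d["metadata"]["name"]] = {"spec": {"template": {"metadata": {"annotations": {ANNOTATION: digest}}}}}
    return patches

def sample_deployment(name, secret_name, annotations=None):
    """Constructed sample manifest: one container, one Secret volume."""
    return {"metadata": {"name": name},
            "spec": {"template": {"metadata": {"annotations": annotations or {}},
                                  "spec": {"volumes": [{"name": "db", "secret": {"secretName": secret_name}}],
                                           "containers": [{"name": name}]}}}}

if __name__ == "__main__":
    secrets = {"db-pass-example": {"data": {"pass.txt": "bmV3"}}}  # constructed Secret
    deps = [sample_deployment(n, "db-pass-example") for n in ("flyteadmin", "flytescheduler")]
    print(json.dumps(rollout_patches(secrets, deps), indent=2))
```

Each returned patch can be applied with `kubectl patch deployment <name> -p '<patch json>'`; because it changes a pod-template annotation, the Deployment controller performs a normal rolling update instead of every pod being killed at once.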