Secrets and configuration injection

Users can define personal secrets on the platform. If they do so, the secrets will be injected in all remote kernels as environment variables. The environment variable name be the secret name.

Additionally environment variables for configuration can be defined on each environment (env key in the specification). Those variables will also be added to the remote kernels.

Under the hood

The secrets are stored in a Hashicorp Vault to use the current highest standards. This implies to request the vault each time a remote kernels is assigned to an user and inject them into the running kernel process as environment variables. The injection is done by leveraging the kernel protocol. To be more precise, the companion sidecar container will open a connection to the kernel and send a code snippet to inject the secrets.

For the environment variables defined in an environment specification, the specification is added to the container specification.