Description
Is your feature request related to a problem?
Currently, for a user choosing to sync secrets in Phase to a Kubernetes cluster via the Phase Kubernetes Operator, manual provisioning of a Phase Service Token is needed inside the cluster as a managed secret. While this works well for smaller clusters, it creates unneeded operational overhead for larger clusters or for users with multiple parallel clusters.
Describe the solution you'd like
Add an external identities API that will allow a client to use a Kubernetes JWT token that Phase can validate and return a token if a trust relationship to a Kubernetes Service Account exists.
Additional context
We will also have to update the Kubernetes Secrets Operator to support this new external identity.
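A sketch of the server-side check this request implies, added here as an illustration and not Phase's code or API: verify the service account JWT's RS256 signature against the cluster's public key, then require issuer, audience, expiry and subject to match a stored trust entry before anything is issued. The names `verify_rs256`, `resolve_identity` and the layout of the `trust` dict are hypothetical; a real deployment would take the key from the cluster's published JWKS and use a maintained JWT library.

```python
import base64, hashlib, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _b64url(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def verify_rs256(token, n, e):
    """Return the claims of an RS256-signed JWT; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url(head_b64))
        sig = int.from_bytes(_b64url(sig_b64), "big")
    except Exception:
        raise ValueError("malformed token")
    # Pin the algorithm: never let the token choose it ("none", HS256, ...).
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(f"{head_b64}.{body_b64}".encode()).digest()
    pad = b"\xff" * (k - 3 - len(SHA256_PREFIX) - len(digest))
    expected = b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + digest
    if sig >= n or pow(sig, e, n).to_bytes(k, "big") != expected:
        raise ValueError("bad signature")
    return json.loads(_b64url(body_b64))

def resolve_identity(token, trust, now=None):
    """Map a service account token to the identity its trust entry names."""
    claims = verify_rs256(token, *trust["key"])
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if claims.get("iss") != trust["issuer"]:
        raise ValueError("untrusted issuer")
    # Audience binding stops a token minted for another service being replayed.
    if trust["audience"] not in aud:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    # sub has the form system:serviceaccount:<namespace>:<name>
    if claims.get("sub") not in trust["subjects"]:
        raise ValueError("service account not trusted")
    return trust["subjects"][claims["sub"]]
```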