Is there a need to specify dbPassword multiple times?

[svenakela]

In this doc and example for ha config, the dbPassword is specified in multiple places.

The first extra secret, why is it needed when the last two are specified?

Here:

lapi:
  replicas: 2
  extraSecrets:
    dbPassword: "secretpassword"

Here:

  env:
    - name: DB_PASSWORD
      valueFrom: 

And here

config:
  config.yaml.local: |
    db_config:
      type:     mysql
      user:     crowdsec
      password: ${DB_PASSWORD}

If the DB password is in a secret, wouldn't it be better to configure the extraSecrets.dbPassword as a proper secret too? Writing passwords in plain text hurts my brain.

[github-actions]

@svenakela: Thanks for opening an issue, it is currently awaiting triage.

If you haven't already, please provide the following information:

• kind : bug, enhancementor documentation
• area : agent, appsec, configuration, cscli, local-api

In the meantime, you can:

1. Check Crowdsec Documentation to see if your issue can be self resolved.
2. You can also join our Discord.
3. Check Releases to make sure your agent is on the latest version.

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the forked project rr404/oss-governance-bot repository.

[github-actions]

@svenakela: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

• /kind bug
• /kind documentation
• /kind enhancement

Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the forked project rr404/oss-governance-bot repository.

[svenakela]

/kind documentation