Hello!
I’m looking to use an api-key header with a value to be matched within an authorization policy; however, I’d prefer not to put the key value directly in the AuthorizationPolicy manifest, but instead source the value from a secret (or an environment variable sourced from a secret).
I saw a reference to this being possible, but I’m unable to find any examples of how to achieve such a thing…
Any help will be much appreciated!
Example Authorization Policy:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  labels:
    app: my-app
  name: my-app-policy
spec:
  action: ALLOW
  rules:
  # Rule 1: allow requests whose api-key header matches the value
  - when:
    - key: request.headers[api-key]
      values: ["${MY_API_KEY_VALUE}"] # <-- Pull from a secret location
  # Rule 2: allow requests from these client IPs
  - from:
    - source:
        remoteIpBlocks:
        - "1.2.3.4"
        - "5.6.7.8"
  selector:
    matchLabels:
      app: my-app
```