Harness Secret Management

Hi All,
I had a question regarding the configuration of a Harness application so that secret management can be done better. We have three pillars (diagram below) of applications set up in the items team, each logging into Cloud Foundry (PCF) with different login credentials.

Each pillar has a set of subgroups, which further have a set of microservices (loader1, loader2, Api-service1…etc). This was managed in GitLab with the help of groups, which included three levels of groups.

Hope this diagram describes the idea better

As of now we have a Harness application provisioned with the name item-applications, where we would potentially deploy all the microservices (loaders and services). Each layer above has its own set of secrets that are shared among multiple levels (loaders, subgroups or api-services).

For example

Pillar1 will have its secrets shared among Pillar1.subgroup1 and Pillar1.subgroup2, and those will be further shared with the microservices (loader1 and loader2).

subgroup1 will have a set of secrets that will be shared among the microservices (loader1 and loader2).

There can also be conflicting secrets among subgroups of different pillars.

For example

If Pillar1.subgroup1 has a secret called DB_PASSWORD, we would have the same secret DB_PASSWORD in Pillar2.subgroup1 with a different value.

What is the recommended way to configure such a set of applications?

Is there a way to configure these secrets under one single item-applications with multiple environments for each subgroup in a pillar?

Do we need to request two more Harness applications to be set up, such that we will have one application for each pillar?

Is there a way I can configure the applications in a different manner such that the secrets can be shared without conflicting values?

Thanks for the assistance.