Is it possible to access secrets in parent namespace from a child namespace in namespaces with hierarchical relationship?
Hello @hgadatia, unless I have misunderstood the new feature, you would need to authenticate to the parent namespace first. You can, however, write policies that allow access from the parent to the child namespace. For example:
Short answer is No.
Longer answer is still NO, but with an explanation. Not only are secrets “Namespaced” so is everything administrative - including policies. It would be too easy, in a child namespace to “Read my Parent” or even “Create a policy to read all namespaces.”
There is something that allows you to share with sibling namespaces:
Otherwise You need to either invert the relationship somehow or rethink how the solution is done.
For example - If all that is needed is a one time secret or value, it may be useful to have a “parent” wrap the secret in a cubbyhole, and have the child “unwrap” the secret for use.
but the answer is NO - because that is how it was designed.