Keeping my API key secure with a requestHeaderModifier

[aukevanleeuwen]

This is rather silly perhaps, but I've been trying to find a proper solution for a simple a API key that I want to add to all requests to a backend. I've found the requestHeaderModifier, but the values there need to be hard-coded and are not for example a SecretRef of some kind. If that were the case I could restrict access to the secret values.

This seems like an obvious use case to me, so I'm probably doing something wrong?

    - matches:
        - path:
            type: PathPrefix
            value: /
      filters:
        - type: URLRewrite
          urlRewrite:
            hostname: foo.com
        - type: RequestHeaderModifier
          requestHeaderModifier:
            add:
              # TODO: this cannot be a secret?
              - name: X-Api-Key
                value: verysecret
      backendRefs:
        - group: gateway.envoyproxy.io
          kind: Backend
          name: foo.com
          port: 443
          weight: 1

Any help would be appreciated.

[arkodg]

the API key feature #4986 should solve this use case, and will be part of the next v1.3 release (releasing later this month)