High level design

Components

Services
- Creates secrets (CRD)
- Requests access to secrets as RO/RW
K8 Operator
- Interacts with the canister to get latest policies in form of ACL
- Adds sidecar to services with permission to use RW secrets. RW here means the sidecar will rotate the secret.
- In cases where services use RO access to secret, the service will depend on at least 1 service with RW access to the same secret.
- Listens for RW service to update secret which will then be propogated to RO services that are dependencies.
ICP Canister
- Manages ACL, includes permission to create secrets and access them through services.