Allow generation of pseudo-random secrets #112

@Gui13

Is your feature request related to a problem? Please describe.

The generation of purely random secrets is a good feature, but this means that if we lose the secret, we lose access to the data that the secret protects.
Backing the secrets up is a solution to this problem, but it just moves the responsibility of resilience to the backup.

Describe the solution you'd like

I would like to be able to set up the secret generator in such a way that the secrets it generates are pseudo-random and actually recoverable from .

They could be derived from a root secret (what I call a "seed") that I set up in the secret generator, with another set of values (secret name, namespace, ...) that make it so that if I ask for the same secret again, the same value is generated.

We could also make it possible to alter the set of values so that the secret can be rotated if it has been leaked somehow. For instance, including an annotation like "generation: " could allow the secret to be changed. (It is then on the user to perform the migration of the data this secret protects to the new secret.)

This looks a lot like the usual Password Managers that we all use in our daily lives: we use a main password (my "seed" above) to store all the secrets. I just tie the secret content to that seed.

Describe alternatives you've considered

None to be honest.

Additional context
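
One way the derivation requested above could work, as an added example that is not part of the original issue or the project's code. It assumes HKDF-SHA256 as the derivation function, a 32-bit generation counter, and hypothetical names (`DeriveSecret`, `deriveInfo`, the `secret-generator/v1` label):

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// hkdfSHA256 implements HKDF (RFC 5869) extract-then-expand with HMAC-SHA256.
func hkdfSHA256(seed, salt, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(seed)
	prk := ext.Sum(nil)
	var out, block []byte
	for i := byte(1); len(out) < n; i++ {
		h := hmac.New(sha256.New, prk)
		h.Write(block)
		h.Write(info)
		h.Write([]byte{i})
		block = h.Sum(nil)
		out = append(out, block...)
	}
	return out[:n]
}

// deriveInfo length-prefixes each field so ("a","bc") and ("ab","c") differ.
func deriveInfo(namespace, name string, generation uint32) []byte {
	b := binary.BigEndian.AppendUint32(nil, generation)
	for _, f := range []string{namespace, name} {
		b = binary.BigEndian.AppendUint32(b, uint32(len(f)))
		b = append(b, f...)
	}
	return b
}

// DeriveSecret (hypothetical) maps seed + identity + generation to one fixed value.
func DeriveSecret(seed []byte, namespace, name string, generation uint32, nBytes int) (string, error) {
	if len(seed) < 32 || nBytes < 1 || nBytes > 255*sha256.Size {
		return "", fmt.Errorf("need a seed of >= 32 bytes and 1..8160 output bytes")
	}
	raw := hkdfSHA256(seed, []byte("secret-generator/v1"), deriveInfo(namespace, name, generation), nBytes)
	return base64.RawURLEncoding.EncodeToString(raw), nil
}

func main() {
	s, _ := DeriveSecret(make([]byte, 32), "prod", "db-password", 0, 32) // constructed all-zero seed, demo only
	fmt.Println(s)
}
```

With this scheme every derived secret is only as strong as the seed, so the seed needs the protection and backup that the individual secrets no longer do.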
