Using JCasC in kubernetes/openshift container and injecting secrets to /run/secrets. Some of the secrets are binary blobs and hence are cumbersome to include in any other way but file secret. The problem is the requirement to base64 the content is impractical as it essentially require to intercept container creation and JCasC interpretation.

To address that, I suggest to introduce an alternative for secretBytes that would read the content from a file directly (/run/secrets/FOO in this case), and would not require the content to be substituted inside the JCasC at all.

Ex.:

secretPath: "/run/secrets/FOO"