The documentation here explains how the http.send() method can be used to make GET requests to external data sources. However for calls to internal sources the request would require a token of some kind to be supplied.

这里的文档解释了如何使用HTTP.Send()方法向外部数据源发出GET请求。但是，对于对内部来源的调用，请求将需要提供某种令牌。

Is there a way of doing this in a secure manner such that the token is not hard-coded into the body of the policy? For instance calling on it when the policy is called to check against a request.

有没有办法以一种安全的方式完成这项工作，使令牌不会被硬编码到策略的主体中？例如，当策略被调用以针对请求进行检查时调用它。

As I am using Gatekeeper from a Kubernetes environment, my idea was of mounting a file containing the secret to the pod running Gatekeeper, but that seems a bit overkill and still prone to breaches so wanted to see if there is a better way of handling things?

当我从Kubernetes环境中使用GateKeeper时，我的想法是挂载一个包含运行GateKeeper的Pod的秘密的文件，但这似乎有点过分，仍然容易被攻破，所以想看看是否有更好的方法来处理事情？