cli: --init-token exposes the init token to the ps command
#61231
Labels
A-authentication
Pertains to authn subsystems
A-security
C-bug
Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
T-server-and-security
DB Server & Security
Projects
Comments
knz
added
C-bug
|
I would prefer to offer both but if I had to pick only one, I'd keep this and advise security sensitive users to use an environment variable. The former still reduces the steps to get running in a cluster. The latter makes integration with k8s secrets easier. |
25 tasks
knz
moved this from To do
to Linked issues (from the roadmap columns on the right)
in DB Server & Security
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Related to #60632
The current definition of the
--init-tokenflag exposes the shared secret string to other users on the machine via thepscommand.Is this OK?
It seems to me that we instead want a
--init-token-fileand have the value of the token stored in a file instead. WDYT?Jira issue: CRDB-3050
Epic: CRDB-6663
The text was updated successfully, but these errors were encountered: