Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store credentials into secrets instead of plain text of CheCluster CR fields #16243

Closed
sleshchenko opened this issue Mar 5, 2020 · 5 comments
Closed

Store credentials into secrets instead of plain text of CheCluster CR fields #16243

sleshchenko opened this issue Mar 5, 2020 · 5 comments
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.11

Comments

@sleshchenko
Copy link
Member

sleshchenko commented Mar 5, 2020
edited

Is your task related to a problem? Please describe.

In K8s world, it's a good practice storing credentials, especially password in secrets. It would be great if che-operator follow this approach.

Describe the solution you'd like

I believe we must store in plain-text only non-sensitive info, let's say users can share with others. Everything else must be stored in secrets.

Screenshot_20200305_152204
instead we could have

spec:
  auth:
    identityProviderPassword:
      secretName: postgres
      key: keycloak-password
    identityProviderUsername:
      secretName: postgres
      key: keycloak-username
  database:
    password:
      secretName: postgres
      key: che-password
    chePostgresUsername:
      secretName: postgres
      key: che-username
@sleshchenko sleshchenko added kind/task Internal things, technical debt, and to-do tasks to be performed. team/deploy labels Mar 5, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Mar 5, 2020
@sleshchenko
Copy link
Member Author

cc @tolusha @davidfestal

@davidfestal
Copy link
Contributor

There's already an issue for that on the CRW side that has been discussed this morning at deploy team prio.

@davidfestal
Copy link
Contributor

@tolusha Maybe you would like to link the CRW issue to this upstream one ?

@tolusha
Copy link
Contributor

tolusha commented Mar 5, 2020

#16239

@tolusha
Copy link
Contributor

tolusha commented Mar 5, 2020

https://issues.redhat.com/browse/CRW-372

@tolusha tolusha mentioned this issue Mar 5, 2020
Closed
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Mar 5, 2020
@tolusha tolusha added this to the Backlog - Deploy milestone Mar 5, 2020
@tolusha tolusha mentioned this issue Mar 10, 2020
Closed
45 tasks
@nickboldt nickboldt modified the milestones: Backlog - Deploy, 7.10.0, 7.11.0 Mar 11, 2020
@nickboldt nickboldt mentioned this issue Mar 11, 2020
Closed
27 tasks
@tolusha tolusha mentioned this issue Mar 16, 2020
Merged
@tolusha tolusha closed this as completed Mar 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.11
Development

No branches or pull requests
5 participants
@nickboldt @davidfestal @tolusha @sleshchenko @che-bot