Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes secrets should not be stored as environment variables. #1816

Closed
AleksandarSavchev opened this issue Apr 16, 2024 · 0 comments · Fixed by #1842
Closed

Kubernetes secrets should not be stored as environment variables. #1816

AleksandarSavchev opened this issue Apr 16, 2024 · 0 comments · Fixed by #1842
Labels
component/dashboard Gardener Dashboard kind/enhancement Enhancement, improvement, extension status/closed Issue is closed (either delivered or triaged)

Comments

@AleksandarSavchev
Copy link

What would you like to be added:
Currently gardener-dashboard stores multiple secrets as environment variables: SESSION_SECRET, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, GITHUB_AUTHENTICATION_APP_ID, GITHUB_AUTHENTICATION_CLIENT_ID, GITHUB_AUTHENTICATION_CLIENT_SECRET, GITHUB_AUTHENTICATION_INSTALLATION_ID, GITHUB_AUTHENTICATION_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET.

I would like these secrets to not be stored as environment variables. A solution can be for the secrets to be mounted as config/secret files and read from there.

Why is this needed:
Gardener aims to comply with DISA K8s STIGs. This issue is in sync with rule 242415.
@AleksandarSavchev AleksandarSavchev added component/dashboard Gardener Dashboard kind/enhancement Enhancement, improvement, extension labels Apr 16, 2024
@petersutter petersutter mentioned this issue Apr 24, 2024
Merged
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/dashboard Gardener Dashboard kind/enhancement Enhancement, improvement, extension status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Comply with DISA STIG V-242415 by mounting secrets as files gardener/dashboard
2 participants
@AleksandarSavchev @gardener-robot