Kubernetes secrets should not be stored as environment variables. #1816
Labels
component/dashboard: Gardener Dashboard
kind/enhancement: Enhancement, improvement, extension
status/closed: Issue is closed (either delivered or triaged)
What would you like to be added:
Currently gardener-dashboard stores multiple secrets as environment variables: SESSION_SECRET, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, GITHUB_AUTHENTICATION_APP_ID, GITHUB_AUTHENTICATION_CLIENT_ID, GITHUB_AUTHENTICATION_CLIENT_SECRET, GITHUB_AUTHENTICATION_INSTALLATION_ID, GITHUB_AUTHENTICATION_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET. I would like these secrets to not be stored as environment variables. A solution can be for the secrets to be mounted as config/secret files and read from there.
Why is this needed:
Gardener aims to comply with DISA K8s STIGs. This issue is in sync with rule 242415.
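The pattern this issue asks to remove can be checked mechanically. The following is an added example, not part of the original issue or the Gardener code base: it audits a pod spec for secrets that reach a container through its environment and compares a "before" spec with one that mounts the secret as a read-only volume. The function name, secret names, mount path and both pod specs are constructed for illustration; only the variable names come from the issue.

```javascript
'use strict'

// Variable names listed in the issue above.
const ISSUE_SECRET_NAMES = new Set([
  'SESSION_SECRET', 'OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET',
  'GITHUB_AUTHENTICATION_APP_ID', 'GITHUB_AUTHENTICATION_CLIENT_ID',
  'GITHUB_AUTHENTICATION_CLIENT_SECRET', 'GITHUB_AUTHENTICATION_INSTALLATION_ID',
  'GITHUB_AUTHENTICATION_PRIVATE_KEY', 'GITHUB_WEBHOOK_SECRET'
])

// Hypothetical helper: returns one finding per secret exposed through the
// environment of any container (init containers included) in a pod spec.
function findEnvSecrets (podSpec) {
  const findings = []
  const containers = [...(podSpec.initContainers || []), ...(podSpec.containers || [])]
  for (const c of containers) {
    for (const e of c.env || []) {
      if (e.valueFrom && e.valueFrom.secretKeyRef) {
        // Value injected from a Secret object into the process environment.
        findings.push({ container: c.name, variable: e.name, via: 'secretKeyRef' })
      } else if (ISSUE_SECRET_NAMES.has(e.name)) {
        // One of the issue's variables set directly in the manifest.
        findings.push({ container: c.name, variable: e.name, via: 'literal' })
      }
    }
    for (const src of c.envFrom || []) {
      if (src.secretRef) {
        // Every key of the Secret becomes an environment variable.
        findings.push({ container: c.name, variable: '*', via: `envFrom:${src.secretRef.name}` })
      }
    }
  }
  return findings
}

// Constructed pod specs (not the project's manifests).
const before = { containers: [{ name: 'dashboard', env: [
  { name: 'SESSION_SECRET', valueFrom: { secretKeyRef: { name: 'sample-secret', key: 'sessionSecret' } } },
  { name: 'OIDC_CLIENT_ID', value: 'sample-client' },
  { name: 'LOG_LEVEL', value: 'info' }
], envFrom: [{ secretRef: { name: 'sample-github' } }] }] }

// Same workload with the secret mounted as files instead.
const after = {
  volumes: [{ name: 'secrets', secret: { secretName: 'sample-secret' } }],
  containers: [{ name: 'dashboard', env: [{ name: 'LOG_LEVEL', value: 'info' }],
    volumeMounts: [{ name: 'secrets', mountPath: '/etc/sample/secrets', readOnly: true }] }]
}

console.log(findEnvSecrets(before))
console.log(findEnvSecrets(after))
```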