Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm: add reana secret key #311

Merged
merged 2 commits into from
May 20, 2020
Merged

helm: add reana secret key #311

merged 2 commits into from
May 20, 2020

Conversation

mvidalgarcia
Copy link
Member

@mvidalgarcia mvidalgarcia commented May 18, 2020
edited
Loading

closes reanahub/reana-db#66

⚠️ The reana-dev setup-environment problem (encrypted token output) still need to be addressed or ticketized.

mvidalgarcia
mvidalgarcia commented May 19, 2020
View reviewed changes
helm/reana/templates/reana-server.yaml
@@ -93,6 +93,11 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-cern-gitlab-secrets
key: REANA_GITLAB_HOST
- name: REANA_SECRET_KEY
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do I need to add this env also in reana-workflow-controller.yaml? I see there are other cases in both templates such us REANA_DB_USERNAME.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In principle, we do not access user.access_token anywhere else than in RS, if SQLAlchemy doesn't need it (does lazy loading) we can skip adding it there (the fewer places we have this key loaded the best from a security point of view). I would say it needs testing.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How would you test it?

@diegodelemos diegodelemos mentioned this pull request May 20, 2020
Merged
@diegodelemos diegodelemos merged commit 7ce593c into reanahub:master May 20, 2020
@mvidalgarcia mvidalgarcia deleted the r-db/66-encrypt-token branch May 20, 2020 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diegodelemos diegodelemos diegodelemos approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

models: encrypt user access token
2 participants
@mvidalgarcia @diegodelemos