Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm: mount secrets as files instead of env vars #897

Closed
iainsproat opened this issue Aug 5, 2022 · 1 comment
Closed

Helm: mount secrets as files instead of env vars #897

iainsproat opened this issue Aug 5, 2022 · 1 comment
Assignees
@iainsproat
Labels
[ devops ] enhancement New feature or request helm

Comments

@iainsproat
Copy link
Contributor

What package are you referring to?
Helm Chart and all services

Is your feature request related to a problem? Please describe.
https://www.tenable.com/audits/items/CIS_Kubernetes_v1.20_v1.0.0_Level_2_Master.audit:98de3da69271994afb6211cf86ae4c6b

Describe the solution you'd like
Secrets should be mounted as files instead of environment variables.

Describe alternatives you've considered

Additional context
@iainsproat iainsproat added enhancement New feature or request helm labels Aug 5, 2022
@iainsproat iainsproat self-assigned this Aug 5, 2022
@iainsproat iainsproat mentioned this issue Aug 15, 2022
Closed
1 task
iainsproat added a commit that referenced this issue Aug 29, 2022
@iainsproat
refactor(server): load secrets from file instead of env var
f6bdf9c 
Security recommendations for Kubernetes are to mount secrets from file instead of env vars.  Env
vars are available to all users of a container, often get leaked in log output etc..  If file does
not exist, secrets are loaded from env var for backward compatibility.

fix #897
@iainsproat iainsproat mentioned this issue Aug 29, 2022
Closed
6 tasks
iainsproat added a commit that referenced this issue Aug 30, 2022
@iainsproat
refactor(server): use convict to create configuration
0a631dd 
Configuration defined by schema and passed as an object

fixes #897
@iainsproat
Copy link
Contributor Author

Closing as superseded by https://linear.app/speckle/issue/WEB-1417/mount-secrets-via-files-instead-of-environment-variables

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iainsproat iainsproat

Labels
[ devops ] enhancement New feature or request helm
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor(server): load secrets from file instead of env var specklesystems/speckle-server
2 participants
@iainsproat @didimitrie