Currently, the Redis password for ArgoCD components is exposed as an environment variable sourced from a Kubernetes secret (valueFrom.secretKeyRef). This method poses a security risk as environment variables can be unintentionally logged or become visible in debugging scenarios.

This epic aims to enhance the security posture by migrating the Redis password access method from environment variables to secure volume mounts within the ArgoCD component containers. This aligns with best practices for secret management in Kubernetes.

Acceptance Criteria:

• GitOps components successfully connect to Redis using the password provided via volume mount.

• The valueFrom.secretKeyRef entry for the Redis password environment variable is removed from the GitOps component.

• No Redis password or sensitive information is visible in container environment variables for the GitOps components.

• The solution is implemented and verified.

Definition of Done

• • Code Complete:
    • All code has been written, reviewed, and approved.
  • Tested:
    • Unit tests have been written and passed.
    • Ensure code coverage is not reduced with the changes.
    • Integration tests have been automated.
    • System tests have been conducted, and all critical bugs have been fixed.
    • Tested and merged on OpenShift either upstream or downstream on a local build.
  • Documentation:
    • User documentation or release notes have been written (if applicable).
  • Build:
    • Code has been successfully built and integrated into the main repository / project.
    • Midstream changes (if applicable) are done, reviewed, approved and merged.
  • Review:
    • Code has been peer-reviewed and meets coding standards.
    • All acceptance criteria defined in the user story have been met.
    • Tested by reviewer on OpenShift.
  • Deployment:
    • The feature has been deployed on OpenShift cluster for testing.