-
Feature Request
-
Resolution: Done
-
4.13
1. Proposed title of this feature request
[RFE] OpenShift/vmware-vsphere-csi-driver - move exposing secrets in environment variables to mounted secret configuration file.
2. What is the nature and description of the request?
For both the PCI-DSS 3.2.1 and CIS Red Hat OpenShift Container Platform 4 benchmarks, the entry "Do Not Use Environment Variables with Secrets" is marked as medium severity. While reviewing this entry manually, it was discovered that this component is in breach of this requirement. As the vmware-vsphere-csi-driver is an internal component of OpenShift, this isn't something end users can correct.
The OpenShift/vmware-vsphere-csi-driver operator deploys the vmware-vsphere-csi-driver-controller deployment, which exposes secrets as environment variables. An example from a currently deployed cluster in our environment is attached.
3. Why does the customer need this? (List the business requirements here).
All infrastructure must be PCI-DSS compliant; therefore, any failures in the benchmark must be corrected or an exception qualified and accepted. If there is a technical reason this request cannot be achieved, please advise further.
4. List any affected packages or components.
vsphere-csi-driver
- depends on: STOR-1290 Techdebt: Remove use of env. variable for credentials (Closed)
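A check for the pattern this request describes, as an added example (not code from the operator or from the ticket): it lists which containers in a workload manifest receive Secret values through `env` or `envFrom`, and which receive them as mounted files. The manifest and every name in it are constructed placeholders.

```python
# Constructed sample Deployment (placeholder names, not taken from a real cluster).
SAMPLE = {
    "kind": "Deployment",
    "metadata": {"name": "example-controller"},
    "spec": {"template": {"spec": {
        "volumes": [{"name": "creds", "secret": {"secretName": "example-creds"}}],
        "containers": [
            {"name": "driver", "env": [
                {"name": "EXAMPLE_USER", "valueFrom": {
                    "secretKeyRef": {"name": "example-creds", "key": "user"}}},
                {"name": "EXAMPLE_PASSWORD", "valueFrom": {
                    "secretKeyRef": {"name": "example-creds", "key": "password"}}},
                {"name": "LOG_LEVEL", "value": "2"},  # plain value, not a finding
                {"name": "CLUSTER_ID", "valueFrom": {  # ConfigMap, not a finding
                    "configMapKeyRef": {"name": "example-cm", "key": "id"}}},
            ]},
            {"name": "sidecar", "envFrom": [{"secretRef": {"name": "example-creds"}}]},
            {"name": "syncer", "volumeMounts": [
                {"name": "creds", "mountPath": "/etc/example/creds", "readOnly": True}]},
        ],
    }}},
}

def _pod_spec(workload):
    return workload.get("spec", {}).get("template", {}).get("spec", {})

def _containers(pod_spec):
    for group in ("initContainers", "containers"):
        yield from pod_spec.get(group) or []

def find_secret_env_refs(workload):
    """(container, source, variable, secret) for every Secret exposed via environment."""
    findings = []
    for c in _containers(_pod_spec(workload)):
        for env in c.get("env") or []:
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                findings.append((c["name"], "env", env["name"], ref.get("name")))
        for src in c.get("envFrom") or []:  # envFrom imports every key of the Secret
            if src.get("secretRef"):
                findings.append((c["name"], "envFrom", "*", src["secretRef"].get("name")))
    return findings

def secret_file_mounts(workload):
    """(container, mountPath, secret) for Secrets delivered as mounted files."""
    spec = _pod_spec(workload)
    vols = {v["name"]: v["secret"].get("secretName")
            for v in spec.get("volumes") or [] if "secret" in v}
    return [(c["name"], m["mountPath"], vols[m["name"]])
            for c in _containers(spec) for m in c.get("volumeMounts") or []
            if m["name"] in vols]
```

On a real cluster the input would be the JSON form of the Deployment, parsed with `json.load`, in place of `SAMPLE`.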