Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-7563

Prefer using secrets as files over secrets as environment variables

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • GitOps
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • 50% To Do, 50% In Progress, 0% Done
    • None
    • None
    • None
    • None
    • None
    • None

      What is the nature and description of the request ?

      Customer is using sysdig monitor to check and validate compliance state of their RHOCP 4.16 environment where they have openshift-gitops running.
      While running the compliance rules, cu identified that some pods/deployment etc are referenced with secrets that are configured as environment variable which is against their security policy so customer wants these secrets to be configured as files.

       

      Why does the customer need this? (List the business requirements here)

      This is against the customer CISO security team policy to configure secrets as environment variable and they needs this fixed in upcoming versions.

       

      List any affected packages or components.

      Secrets are affected which are being used inside the openshift-gitops project.

      Additional Info:

      For detail analysis of the compliance rule, Please check the attachment in section 2.5.4.1

        1. CIS Red Hat OpenShift Container Platform Benchmark V1.7.0.pdf
          2.63 MB

              halawren@redhat.com Harriet Lawrence
              rhn-support-shaising Shailendra Singh
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                None
                None