Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: 2.13.2 GA
Component/s: 3scale Operator
Labels:
- support

Blocked:
False
Blocked Reason:
None
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%

SFDC Cases Links:
SFDC Cases Counter:

Description

For customers managing products using CI/CD that have policy chains that involve sensitive data like tokens it can be difficult to provide that data in a way that does not require that data to be placed in a GIT repository or similar - especially when the Product is managed by the Operator so any value changes are overridden by the Operator during reconciliation.

For example, where "client_secret" is placed in this policy config it would be preferable to have an OpenShift secret reference so that the value would not need to be stored unencrypted in the customers GIT repository:

policies:
    - name: "token_introspection"
      version: builtin
      configuration:
        auth_type: "client_id+client_secret"
        client_id: "example-client"
        client_secret: "client_secret"
        introspection_url: "https://sso.example.com/auth/realms/foo/openid-connect/token/introspect"
      enabled: true

Attachments

Issue Links

duplicates

THREESCALE-8002 Enable using secretKeyRef to specify APIcast policies configurations

Closed

links to

3scale - Store sensitive policy chain values in OpenShift Secrets

Activity

People

Assignee:: Unassigned

Reporter:: Aimi Hobson

Votes:: 5 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023/06/05 11:54 PM

Updated:: 2024/02/29 9:23 AM

Resolved:: 2023/06/27 9:03 AM