Store sensitive details in secrets #326

Closed
mangelajo opened this issue Feb 5, 2020 · 20 comments
Labels: confirmed (For issues and PRs which we definitely want; disables the stale bot), enhancement (New feature or request), priority:high, release-note-needed (Should be mentioned in the release notes), size:medium (This can be implemented in a single sprint)

Comments

@mangelajo
Contributor

Things that can be stored in (ideally separate) secrets:

a) the ipsec-psk (or other cable engine related secrets)
b) the token/cert (just a copy of the service account secret created on the broker)

Secrets won't buy extra security because, with the right permissions, they can be extracted. But it will make it:

  1. Cleaner when showing pods, the secrets won't be dumped on screen
  2. Easier to update
@mangelajo mangelajo added enhancement New feature or request help wanted Looking for someone to work on this labels Feb 5, 2020
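
An added illustration of point 1 in the issue description (example code, not Submariner's own): a Go check over `kubectl get pod -o json` output that reports credential-like environment variables set as literal values in the pod spec instead of being referenced from a Secret. It assumes the sensitive values reach the pod as environment variables; the variable names, the marker pattern and the sample pod are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

var sensitive = regexp.MustCompile(`(?i)psk|token|password`) // hypothetical name markers

type pod struct { // subset of the Pod schema needed to inspect container env vars
	Spec struct {
		Containers []struct {
			Name string `json:"name"`
			Env  []struct {
				Name      string                     `json:"name"`
				Value     string                     `json:"value"`
				ValueFrom map[string]json.RawMessage `json:"valueFrom"`
			} `json:"env"`
		} `json:"containers"`
	} `json:"spec"`
}

// Constructed sample pod; names and values are hypothetical, not Submariner's.
const samplePod = `{"spec":{"containers":[{"name":"gateway","env":[
 {"name":"EXAMPLE_IPSEC_PSK","value":"constructed-psk-value"},{"name":"LOG_LEVEL","value":"debug"},
 {"name":"EXAMPLE_BROKER_TOKEN","valueFrom":{"secretKeyRef":{"name":"example-broker","key":"token"}}}]}]}}`

// InlineSensitiveEnv lists "container/VAR" for credential-like env vars whose
// value is a literal in the pod spec; secretKeyRef entries carry only a reference.
func InlineSensitiveEnv(podJSON []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(podJSON, &p); err != nil {
		return nil, fmt.Errorf("parsing pod JSON: %w", err)
	}
	var hits []string
	for _, c := range p.Spec.Containers {
		for _, e := range c.Env {
			_, fromSecret := e.ValueFrom["secretKeyRef"]
			if !fromSecret && e.Value != "" && sensitive.MatchString(e.Name) {
				hits = append(hits, c.Name+"/"+e.Name)
			}
		}
	}
	return hits, nil
}

func main() {
	fmt.Println(InlineSensitiveEnv([]byte(samplePod)))
}
```

An entry that passes this check is still readable by anyone with permission to read the referenced Secret, which is the limitation the issue description states.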
@mangelajo
Contributor Author

@roytman ^

@stale

stale bot commented Jun 4, 2020

This issue has been automatically marked as stale because it has not had activity for 120 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Jun 4, 2020
@stale stale bot closed this as completed Jun 11, 2020
@mangelajo mangelajo reopened this Jun 11, 2020
@stale stale bot removed the wontfix This will not be worked on label Jun 11, 2020
@stale

stale bot commented Sep 30, 2020

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Sep 30, 2020
@tpantelis
Contributor

bump

@stale stale bot removed the wontfix This will not be worked on label Sep 30, 2020
@stale

stale bot commented Nov 29, 2020

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Nov 29, 2020
@tpantelis
Contributor

bump

@stale stale bot removed the wontfix This will not be worked on label Nov 30, 2020
@nyechiel
Member

nyechiel commented Jan 3, 2021

See also #815

@stale

stale bot commented Mar 4, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Mar 4, 2021
@mangelajo mangelajo removed the wontfix This will not be worked on label Mar 4, 2021
@skitt
Member

skitt commented Mar 4, 2021

This is still relevant.

@stale

stale bot commented May 3, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label May 3, 2021
@tpantelis
Contributor

bump

@stale stale bot removed the wontfix This will not be worked on label May 3, 2021
@stale

stale bot commented Jul 3, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Jul 3, 2021
@skitt
Member

skitt commented Jul 5, 2021

This is still relevant.

@stale stale bot removed the wontfix This will not be worked on label Jul 5, 2021
@stale

stale bot commented Nov 2, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Nov 2, 2021
@skitt skitt added confirmed For issues and PRs which we definitely want (disables the stale bot) and removed wontfix This will not be worked on labels Nov 2, 2021
@dfarrell07
Member

@skitt is working on this with PRs like submariner-io/submariner-operator#1687

@skitt skitt self-assigned this Dec 14, 2021
@skitt skitt removed the help wanted Looking for someone to work on this label Dec 14, 2021
@skitt skitt added the size:medium This can be implemented in a single sprint label Dec 14, 2021
@nyechiel nyechiel added the release-note-needed Should be mentioned in the release notes label Dec 14, 2021
@nyechiel
Member

@skitt can this be closed now or is there anything else needed?

@skitt
Member

skitt commented Feb 21, 2022

> @skitt can this be closed now or is there anything else needed?

I’m trying to check, but make deploy no longer works for me, I need to fix that first.

Ideally we’d only use secrets to close this issue, but that has to wait for 0.13; perhaps we can track that as a separate issue.

@skitt
Member

skitt commented Feb 22, 2022

Everything that should be in a secret is now in a secret; I’ve filed submariner-io/submariner-operator#1869 to ensure we remove the non-secret occurrences in 0.13.

@skitt skitt closed this as completed Feb 22, 2022
@nyechiel
Member

@skitt anything we should update in our docs to reflect these changes?

@skitt
Member

skitt commented Feb 22, 2022

> @skitt anything we should update in our docs to reflect these changes?

We don’t describe this in the docs currently, I’ve filed submariner-io/submariner-website#678 to make sure we don’t forget to change this situation (but it’s not required for 0.12 IMO, it’s only liable to create problems once we drop support for the non-secret variants).
