Implement strategy to pass secrets during build time #64

Open
uniqueg opened this issue Oct 9, 2018 · 1 comment
Labels
flag: good 1st issue Good for newcomers priority: low Low priority type: security Related to security workload: minutes Likely takes minutes to resolve

Comments


uniqueg commented Oct 9, 2018

Is your feature request related to a problem? Please describe.
Currently there is no way of conveniently passing secrets (FTP, database, broker credentials...) to the service during build time. As credentials cannot be version controlled, this presents a serious vulnerability.

Describe the solution you'd like
Research and implement possible solutions, possibly involving Kubernetes and/or Docker secrets.

Once in place, use strategy to pass secrets/credentials for:

  • database (MongoDB)
  • broker (RabbitMQ)
  • object store (FTP)

Describe alternatives you've considered
N/A

Additional context
N/A

@uniqueg uniqueg added this to the Release candidate v1.0.0-rc milestone Oct 9, 2018
@uniqueg uniqueg removed this from the Release candidate v1.0.0-rc milestone Sep 1, 2019

uniqueg commented Apr 20, 2020

A strategy has been devised for Kubernetes/OpenShift deployment: default values are passed as in deployment/values.yaml during Helm installation. See separate instructions in Helm Kubernetes/OpenShift install documentation. The strategy has been implemented for both the database and the .netrc file required for accessing FTP storage. Implement analogously for broker. Compare with #63 and resolve together.

@uniqueg uniqueg added flag: good 1st issue Good for newcomers priority: low Low priority type: security Related to security workload: minutes Likely takes minutes to resolve labels Apr 20, 2020
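
A sketch of the consuming side of the strategy discussed in this issue, added here as an example and not taken from the project's code: the service reads broker and FTP credentials from a mounted secret directory or from environment variables, fails closed when one is missing, and writes the `.netrc` with owner-only permissions. The names `read_secret`, `broker_url`, `write_netrc` and `RABBIT_PASSWORD`, the `/run/secrets` default, and all sample values are assumptions.

```python
import os
from pathlib import Path
from urllib.parse import quote


def read_secret(name, secret_dir="/run/secrets", env=None):
    """Return a secret from a mounted file (preferred) or an environment variable."""
    env = os.environ if env is None else env
    path = Path(secret_dir) / name.lower()
    value = path.read_text().strip() if path.is_file() else env.get(name, "")
    if not value:
        # Fail closed: never fall back to a default baked into the image or repo.
        raise RuntimeError(f"secret {name} is not set")
    return value


def broker_url(user, password, host, port=5672, vhost="/"):
    """Build an AMQP URL; percent-encode so ':', '@' and '/' in credentials survive."""
    enc = lambda s: quote(s, safe="")
    return f"amqp://{enc(user)}:{enc(password)}@{host}:{port}/{enc(vhost)}"


def write_netrc(path, host, login, password):
    """Write a .netrc that only its owner can read (mode 0600)."""
    if any(ch.isspace() for ch in login + password):
        raise ValueError("netrc tokens are whitespace-separated")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"machine {host}\nlogin {login}\npassword {password}\n")
    os.chmod(path, 0o600)  # also tighten a file that already existed


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # stands in for the secret mount
        Path(tmp, "rabbit_password").write_text("p@ss:w/rd\n")  # constructed value
        pw = read_secret("RABBIT_PASSWORD", secret_dir=tmp)
        print(broker_url("svc", pw, "rabbitmq"))
        write_netrc(os.path.join(tmp, ".netrc"), "ftp.example.org", "svc", pw)
```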