Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop publishing sensitive information directly in CRs #1869

Open
skitt opened this issue Feb 22, 2022 · 3 comments
Open

Stop publishing sensitive information directly in CRs #1869

skitt opened this issue Feb 22, 2022 · 3 comments
Assignees
@tpantelis
Labels
confirmed For issues and PRs which we definitely want (disables the stale bot) dependent enhancement New feature or request priority:high size:small

Comments

@skitt
Copy link
Member

skitt commented Feb 22, 2022
edited by dfarrell07
Loading

Now that the PSK and broker token are stored in secrets, we should stop publishing them directly in CRs.

This won’t really improve security, but it will make CR dumps easier to read.

This follows on from submariner-io/submariner#326.

Depends on submariner-io/subctl#631
@skitt skitt added the enhancement New feature or request label Feb 22, 2022
@skitt skitt mentioned this issue Feb 22, 2022
Closed
@skitt skitt self-assigned this Mar 28, 2022
skitt added a commit to skitt/submariner-operator that referenced this issue Apr 4, 2022
@skitt
Stop filling in token/CA in the Submariner CR
1af6d08 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Apr 4, 2022
@skitt
Stop filling in token/CA in the Submariner CR
67e3a3d 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
@skitt skitt mentioned this issue Apr 14, 2022
Merged
skitt added a commit to skitt/submariner-operator that referenced this issue Apr 15, 2022
@skitt
Stop filling in token/CA in the Submariner CR
d982de6 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Apr 15, 2022
@skitt
Stop filling in token/CA in the Submariner CR
e444cc8 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue May 31, 2022
@skitt
Stop filling in token/CA in the Submariner CR
e74ac4c 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue May 31, 2022
@skitt
Stop filling in token/CA in the Submariner CR
a7340a6 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Jun 16, 2022
@skitt
Stop filling in token/CA in the Submariner CR
979dec2 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Jun 16, 2022
@skitt
Stop filling in token/CA in the Submariner CR
0566a31 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
@stale
Copy link

stale bot commented Jul 30, 2022

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Jul 30, 2022
@tpantelis tpantelis removed the wontfix This will not be worked on label Jul 31, 2022
skitt added a commit to skitt/submariner-operator that referenced this issue Aug 26, 2022
@skitt
Stop filling in token/CA in the Submariner CR
36e1f7c 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Aug 26, 2022
@skitt
Stop filling in token/CA in the Submariner CR
be2ce06 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt added a commit to skitt/submariner-operator that referenced this issue Feb 20, 2023
@skitt
Stop filling in token/CA in the Submariner CR
a23493d 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
@dfarrell07 dfarrell07 moved this to Todo in Submariner 0.16 May 9, 2023
@dfarrell07 dfarrell07 mentioned this issue May 16, 2023
Open
tpantelis pushed a commit to skitt/submariner-operator that referenced this issue Aug 2, 2023
@skitt @tpantelis
Stop filling in token/CA in the Submariner CR
3e2c058 
This ensures we rely only on the secret containing the broker access
token.

Fixes: submariner-io#1869
Signed-off-by: Stephen Kitt <skitt@redhat.com>
@skitt skitt removed this from Submariner 0.16 Oct 4, 2023
@tpantelis tpantelis assigned tpantelis and unassigned skitt Jun 24, 2024
@maayanf24 maayanf24 moved this to Todo in Submariner 0.19 Jun 25, 2024
@tpantelis tpantelis moved this to Next Version Candidate in Backlog Oct 28, 2024
@maayanf24 maayanf24 removed this from Backlog Oct 29, 2024
@maayanf24 maayanf24 moved this to Todo in Submariner 0.20 Oct 29, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 30, 2024
edited
Loading

This PR/issue depends on:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tpantelis tpantelis

Labels
confirmed For issues and PRs which we definitely want (disables the stale bot) dependent enhancement New feature or request priority:high size:small
Projects
Submariner 0.20
Status: Todo
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Stop filling in token/CA in the Submariner CR skitt/submariner-operator
4 participants
@skitt @tpantelis @mkolesnik @maayanf24