postee icon indicating copy to clipboard operation
postee copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

Create secret file for PosteeUI - user and password

Open grglzrv opened this issue 1 year ago • 2 comments

Description

PostUI user and password are sensitive data, because of that secret.yaml has to be created for the Postee UI creds inside the helm chart. There are no default values set for them as well. Also we need a strategy how to use this secret with GitOps (FluxCD etc.) if you wanna store the creds into git/bitbucket repo is good practice to encrypt this secret - for example with Sealed Secret.

grglzrv avatar Sep 25 '22 16:09 grglzrv

Agreed we can make it better and welcome to ideas.

We also have this existing issue that we should also think of when tackling this: https://github.com/aquasecurity/postee/issues/120

Welcome to ideas and suggestions.

simar7 avatar Sep 26 '22 19:09 simar7

@simar7 please review it https://github.com/aquasecurity/postee/pull/474 . already tested with FluxCD. for example - if posteUi.existingSecret is false, it will create a secret with username & password defined into values.yaml if posteUi.existingSecret is true, you need to create a separate secret file, (you may seal it by Sealed secret for additional encryption as well if the secret file is stored in git/bitbucket):

    posteUi:
      existingSecret:
        enabled: true
        secretName: posteeui-creds   # secret name 
        usernameKey: postee-ui-user                # the key defined into the secret name for the user
        passwordKey: postee-ui-password       # the key defined into the secret name for the password

grglzrv avatar Sep 26 '22 22:09 grglzrv

Fixed with #474

simar7 avatar Oct 18 '22 22:10 simar7