Add 2FA option when syncing applications

Open marcportabellaclotet-mt opened this issue 2 years ago • 2 comments

Summary

I would like to have a 2FA method when running an argocd sync.

Motivation

We are running critical applications deployed with Argo CD. We would like to have an option to add an "approval" via 2FA when a critical and sensitive application is being updated. We are applying zero trust policies. There have been several cases where GitHub accounts have been compromised, and this opens the door for Argo CD to deploy undesired versions of our apps.

Proposal

The idea is to integrate 2FA providers like Duo Security or others, and when a sync command is triggered in Argo CD, send a "push approval" to our mobile phones. After we approve the sync on our mobile phones, Argo CD starts the sync process.

marcportabellaclotet-mt, Aug 07 '22 08:08

I guess Argo Workflows can be leveraged? Make the application manual sync but use workflows to sync upon approval step completed within workflows.

cbrdy, Sep 09 '22 11:09

Thanks for the comment. Yes, using Argo Workflows or Argo Rollouts this can be achieved. I was thinking of a native integration to make it more secure.

marcportabellaclotet-mt, Sep 10 '22 13:09
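
The workaround discussed in the comments above (manual sync, with an Argo Workflows approval step in front of it) could look like the sketch below. This is an added example, not part of the issue thread and not from the Argo project; the application, project, account, secret and server names are assumptions, and the image tag is a placeholder.

```yaml
# Assumption: the Application "payments-api" in project "critical" has no
# syncPolicy.automated block, so Argo CD never syncs it on a Git push alone.
---
# Argo CD RBAC: humans are read-only; only the hypothetical local account
# "workflow-sync" (declared in argocd-cm as accounts.workflow-sync: apiKey)
# may sync this one application.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:gated-sync, applications, sync, critical/payments-api, allow
    g, workflow-sync, role:gated-sync
---
# Workflow: pause until someone resumes it, then sync with the scoped token.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: gated-sync-
  namespace: argo
spec:
  entrypoint: gated-sync
  templates:
    - name: gated-sync
      steps:
        - - name: wait-for-approval
            template: approval
        - - name: sync
            template: argocd-sync
    - name: approval
      suspend: {}            # no duration: waits until explicitly resumed
    - name: argocd-sync
      container:
        image: quay.io/argoproj/argocd:<pinned-version>   # placeholder tag
        command: [argocd]
        args: ["app", "sync", "payments-api"]
        env:
          - name: ARGOCD_SERVER
            value: argocd.example.internal:443   # assumed address
          - name: ARGOCD_AUTH_TOKEN              # token of workflow-sync
            valueFrom:
              secretKeyRef:
                name: argocd-sync-token
                key: token
```

Approval here is an `argo resume` on the suspended workflow, so the gate is only as strong as the Kubernetes RBAC on Workflow objects and the authentication required of the accounts allowed to resume. It is not a native second factor inside Argo CD, which is what the issue asks for.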