harbor-helm icon indicating copy to clipboard operation
harbor-helm copied to clipboard

Published 20 hours ago verified publisher icon goharbor

Ability to include secret instead of exposing raw password

Open panteparak opened this issue 3 years ago • 3 comments

Exposing database and redis secret via helm values files are very dangerous. It would be better to mount k8s secret.

Proposed change (example)

database:
  external:
    existingSecret: "SECRET-NAME"
    existingSecretPasswordKey: "SECRET-KEY"

panteparak avatar Jul 17 '21 16:07 panteparak

Also for

  • harborAdminPassword
  • database.internal.password
  • etc etc.... you get the idea

Moep90 avatar Jul 19 '21 06:07 Moep90

Related https://github.com/goharbor/harbor-helm/issues/189

darend avatar Jul 23 '21 18:07 darend

database works , but redis is broken, the docs mention to use a secret, but that's not used

https://github.com/goharbor/harbor-helm/blob/47a3871d9e369670cf70fa4601eaf03ac601de2c/templates/_helpers.tpl#L175 https://github.com/goharbor/harbor-helm/blob/47a3871d9e369670cf70fa4601eaf03ac601de2c/values.yaml#L861

viceice avatar Sep 08 '22 07:09 viceice

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] avatar Feb 08 '24 09:02 github-actions[bot]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

github-actions[bot] avatar Mar 11 '24 09:03 github-actions[bot]

Please reopen. This is still an issue. Do i really need to comment every 30 days to have this open? 😕

viceice avatar Mar 11 '24 14:03 viceice