[vikunja] Configuration may contain secrets, stored as configmap

Open disconn3ct opened this issue 2 years ago • 1 comments

Helm chart name

vikunja

Helm chart version

5.5.3

Container name

vikunja/api

Container tag

0.17.1

Description

Vikunja configuration can contain several secrets (JWT, OpenID secrets, etc.) but is stored as a ConfigMap.

Most settings can be sourced from the environment instead, but not the authentication configuration.

Expected result

Secret values should be in secrets

Helm values to reproduce

vikunja:
  config: |-
    auth:
      openid:
        providers:
          - name: Foo
            clientsecret: secret-is-in-the-name

Additional Information

No response

Repo link

No response

disconn3ct avatar Jun 01 '22 15:06 disconn3ct
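
A check for the condition reported above, as an added example that is not part of the original issue or the chart: it scans rendered manifests (for instance the output of `helm template`) for ConfigMaps whose data carries secret-looking keys. The key-name list, the resource names and the sample manifest are constructed assumptions.

```python
import re

# Heuristic key names that usually hold credentials (an assumption of this example).
SECRET_KEY = re.compile(r"^\s*(?:-\s*)?([\w.-]*(?:secret|password|token)[\w.-]*)\s*:\s*(\S.*)$", re.I)

# Constructed sample of rendered chart output; resource names are hypothetical.
RENDERED = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: vikunja-config
data:
  config.yml: |-
    auth:
      openid:
        providers:
          - name: Foo
            clientsecret: secret-is-in-the-name
---
apiVersion: v1
kind: Secret
metadata:
  name: vikunja-secret
stringData:
  config.yml: |-
    service:
      JWTSecret: constructed-value
"""

def find_configmap_secrets(text):
    """Return (ConfigMap name, key, line number); values are never returned."""
    findings, start = [], 1
    for doc in re.split(r"^---[ \t]*\n", text, flags=re.MULTILINE):
        lines = doc.splitlines()
        if any(re.match(r"kind:\s*ConfigMap\s*$", l) for l in lines):
            name = next((m.group(1) for l in lines if (m := re.match(r"\s+name:\s*(\S+)", l))), "?")
            for offset, line in enumerate(lines):
                m = SECRET_KEY.match(line)
                # Skip block-scalar headers such as "key: |-"; they hold no inline value.
                if m and not m.group(2).startswith(("|", ">")):
                    findings.append((name, m.group(1), start + offset))
        start += len(lines) + 1  # +1 for the "---" separator line
    return findings
```

The same keys inside a `kind: Secret` document are not reported, so the check passes once the configuration block is rendered as a Secret instead.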

And while we're at it, please update to version 0.18.2 :)

xeruf avatar Jun 20 '22 09:06 xeruf

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions.

ghost avatar Aug 19 '22 20:08 ghost

/unstale

Is there any way to get a human to notice these bugs before the robot does? This is a security issue.

disconn3ct avatar Aug 19 '22 20:08 disconn3ct

I will switch to the truecharts version as it seems to be better maintained generally, with a volume for assets already configured: https://truecharts.org/docs/charts/stable/vikunja/#source-code

xeruf avatar Aug 20 '22 08:08 xeruf

Whelp #1761

disconn3ct avatar Aug 21 '22 13:08 disconn3ct