retina icon indicating copy to clipboard operation
retina copied to clipboard

Published 20 hours ago verified publisher icon microsoft

AzBlob (and future OutputLocation) Config should be passed through ConfigMaps and Secrets

Open rbtr opened this issue 11 months ago • 3 comments

Is your feature request related to a problem? Please describe. Currently the AzBlob OutputLocation is provided via a URL with an embedded SAS token. This URL is used as the Volume name in the Capture Pods that are created, which conveniently distributes the access credentials. This is technically a credential leak - the SAS token is readable to anyone with Pod:read instead of Secret:read.

Describe the solution you'd like The AzBlob config and secrets should be provided via Kubernetes objects for the same (ConfigMaps and Secrets).

Additional context The rework done here should be portable to other (future) OutputLocation implementations such as S3 (#201)

rbtr avatar Apr 01 '24 16:04 rbtr

@rbtr Keen on being a contributor on this project and would like to pick this issue as my first one on the project.

iamvighnesh avatar Apr 11 '24 16:04 iamvighnesh

@iamvighnesh great, assigned it to you 🙂

rbtr avatar Apr 11 '24 17:04 rbtr

Hey @iamvighnesh, any updates on this one?

timraymond avatar Jun 28 '24 18:06 timraymond