
better shield DB/S3 credentials provide to results API deployment

Open gabemontero opened this issue 1 year ago • 6 comments

Feature request

As a consumer of tekton results, the project we are working on employs use of Checkov to help monitor cloud infrastructure configuration for various best practices.

In scanning tekton results, it flagged the exposing of secrets as environment variables instead of files within the results API deployment (around both the S3 and DB credentials).

Their write up around this is at https://docs.bridgecrew.io/docs/bc_k8s_33

Admittedly a "low" severity item by their estimation, but in front of the right audience of potential consumers of results, reasoned arguments can fall on deaf ears.

Could the use of files for credential storage be the new means of consumption? If not always, via some sort of "opt-in" approach?

@adambkaplan FYI

Use case

As a deployer of tekton results in my organization, I want to remove any hurdles from security auditors at my company around blocking deployment.

gabemontero avatar Apr 11 '23 16:04 gabemontero
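The pattern the issue describes, as an added example that is not code from the Tekton Results project: a small checker in the spirit of the Checkov policy linked above, run over a constructed "before" Deployment that injects credentials as environment variables and a constructed "after" Deployment that mounts the same Secrets read-only as files. Secret names, env var names and mount paths are assumptions, not the project's actual values.

```python
"""Flag Kubernetes containers that expose Secret data as environment variables.

Covers both env[].valueFrom.secretKeyRef and envFrom[].secretRef, the two ways
a Pod spec can turn Secret keys into env vars. Manifests are constructed dicts
(the parsed form of YAML); names are assumptions, not Tekton Results' own.
"""


def find_env_secret_refs(manifest: dict) -> list[str]:
    """Return 'container/ENV_NAME' (or 'container/envFrom:<secret>') for every
    environment variable sourced from a Secret in a Deployment manifest."""
    findings = []
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        for e in c.get("env", []):
            if "secretKeyRef" in e.get("valueFrom", {}):
                findings.append(f"{c['name']}/{e['name']}")
        for ef in c.get("envFrom", []):
            if "secretRef" in ef:
                findings.append(f"{c['name']}/envFrom:{ef['secretRef']['name']}")
    return findings


# Constructed "before": DB and S3 credentials injected as env vars (what Checkov flags).
ENV_DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "api",
        "env": [{"name": "DB_PASSWORD",  # assumed env var name
                 "valueFrom": {"secretKeyRef": {"name": "results-db-secret", "key": "password"}}}],
        "envFrom": [{"secretRef": {"name": "results-s3-secret"}}],
    }]}}},
}

# Constructed "after": the same Secrets mounted as read-only files instead.
FILE_DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "api",
            "volumeMounts": [
                {"name": "db-creds", "mountPath": "/etc/results/db", "readOnly": True},
                {"name": "s3-creds", "mountPath": "/etc/results/s3", "readOnly": True},
            ],
        }],
        "volumes": [  # defaultMode 0400 keeps the projected files owner-readable only
            {"name": "db-creds", "secret": {"secretName": "results-db-secret", "defaultMode": 0o400}},
            {"name": "s3-creds", "secret": {"secretName": "results-s3-secret", "defaultMode": 0o400}},
        ],
    }}},
}
```

Running `find_env_secret_refs` over the two manifests shows the "before" form producing two findings and the file-mounted form producing none, which is the difference the scanner in the issue reports.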

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Jul 10 '23 17:07 tekton-robot

/remove-lifecycle stale

gabemontero avatar Jul 10 '23 17:07 gabemontero

There's a PR for solving this in operator.

khrm avatar Jul 10 '23 22:07 khrm

thanks for the heads up @khrm

I believe the PR you are referring to is https://github.com/tektoncd/operator/pull/1547

gabemontero avatar Jul 11 '23 11:07 gabemontero

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Oct 09 '23 12:10 tekton-robot

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot avatar Nov 08 '23 12:11 tekton-robot