Skip to content
This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

decoding the config map #515

Closed
yanivpaz opened this issue Oct 19, 2020 · 4 comments
Closed

decoding the config map #515

yanivpaz opened this issue Oct 19, 2020 · 4 comments

Comments

@yanivpaz
Copy link

yanivpaz commented Oct 19, 2020
edited
Loading

Looking on the config map created by the external secret controller -
I see that the password is encoded, so it can be easily decoded :

 echo MTIzNA== |base64 -d

how it is possible to prevent users to decode the password?
@yanivpaz yanivpaz changed the title Design question decoding the config map Oct 19, 2020
@Flydiverny
Copy link
Member

Flydiverny commented Oct 19, 2020
edited
Loading

Please provide more context. There's no config map used by KES.

If this is in regards to the resulting secrets, then yes same limitations as with normal secrets apply. Use RBAC to control who can read your secrets.

Edit: didn't mean to close

@Flydiverny Flydiverny reopened this Oct 19, 2020
@yanivpaz
Copy link
Author

Thanks for the answer.
Yes, I referred to the resulting secret.
The KES is a very cool solution - but I am looking for the decryption at the pod level for better security.

@Flydiverny
Copy link
Member

There's been some work on this in the past in #46 and #77 not sure if there's anything usable available.
Also related #81

@Flydiverny
Copy link
Member

Closing this in favor of the referenced issues

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Flydiverny @yanivpaz