Atos-Research-and-Innovation / IoTagent-LoRaWAN

FIWARE IoT Agent for LoRaWAN protocol (with CayenneLpp and CBOR data models)
https://fiware-lorawan.readthedocs.io/en/latest/

[MUST] Dockerization must protect Username/Password ENV #37

Closed jason-fox closed 5 years ago

jason-fox commented 5 years ago

With the addition of OAuth2 support for authentication using FIWARE Keyrock, usernames and passwords are now part of the Docker environment variables. Currently these can only be passed using plain text. The addition of Docker Secrets support to protect these passwords is necessary to plug a potential security flaw.

This is a simple addition of a script in the same manner as Postgres (and relevant documentation, of course). Cygnus does it already. This flaw relates to all IoT Agents.

https://github.com/telefonicaid/iotagent-node-lib/pull/726#discussion_r242214046

Within the Docker container, passwords etc. can only be passed protected by Docker Secrets.

jason-fox commented 5 years ago

Fixed via 574335258
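
The Postgres-style entrypoint approach the issue asks for, sketched as an added example; it is not the project's script or the code from the fix commit. The variable names `IOTA_AUTH_USER` and `IOTA_AUTH_PASSWORD` and the helper names `file_env` and `load_iota_secrets` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the project's script). Postgres-style secret loading:
# each setting may arrive as VAR (plain env) or VAR_FILE (path to a
# Docker secret, normally /run/secrets/<name>).

# file_env VAR [DEFAULT]: export VAR from $VAR or from the file in $VAR_FILE.
# Fails if both are set, if the file is unreadable, or if VAR is not a
# valid variable name (it is passed to eval below).
file_env() {
    var="$1"
    default="${2:-}"
    case "$var" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 1 ;;
    esac
    file_var="${var}_FILE"
    eval "val=\${$var:-}"
    eval "file_val=\${$file_var:-}"

    if [ -n "$val" ] && [ -n "$file_val" ]; then
        echo "error: $var and $file_var are mutually exclusive" >&2
        return 1
    fi
    if [ -n "$file_val" ]; then
        if [ ! -r "$file_val" ]; then
            echo "error: cannot read secret file for $var" >&2
            return 1
        fi
        val="$(cat "$file_val")"   # $(...) strips the trailing newline
    elif [ -z "$val" ]; then
        val="$default"
    fi
    export "$var=$val"
    unset "$file_var" val file_val
}

# Assumed variable names for the agent's Keyrock credentials.
load_iota_secrets() {
    file_env IOTA_AUTH_USER &&
    file_env IOTA_AUTH_PASSWORD
}

# In an entrypoint this would be followed by:
#   load_iota_secrets && exec "$@"
```

Values passed with `-e` or in a compose file appear in the container configuration shown by `docker inspect`; with the `_FILE` form only the path to the secret file appears there.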