Closed arthurzenika closed 2 days ago
workaround is using the following annotation :
annotations:
polaris.fairwinds.com/sensitiveContainerEnvVar-exempt: "true"
I am pretty sure you don't need to repeat env vars that are pulled in via envFrom in the env section of the spec.
Polaris is picking up the words TOKEN and SECRET I believe. We're fairly limited in what we can check with JSON Schema for this.
Your workaround is probably best, or to disable that check entirely in your configuration
What happened?
Hi, thanks for polaris, it's an awesome tool and it helps us a lot on many use cases.
We think we might have an special case that is a false positive.
We are using
envFrom
withsecretRef
and then using a bunch of variables for secrets (as described in https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables ) and using env to rename and combine some variables :and polaris detects the following :
Which doesn't seem to be the case when a syntax like the following is used :
What did you expect to happen?
For polaris to detect that a variable from a secret is being used and to consider this as safe.
How can we reproduce this?
If the snippet above is not sufficient to discuss this issue we can probably share a complete deployment/secret.
Version
7.3.2
Search
Code of Conduct
Additional context
No response