We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.
We have noticed hard-coded secrets, which are security misconfigurations, and violation of security best practices for Kubernetes manifests (reff: https://arxiv.org/pdf/2006.15275.pdf).
Please fix this misconfiguration by storing secrets in tools, such as Vault (https://www.vaultproject.io/). We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.
akondasif
commented
2 years ago
Dear Colleague,
We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.
We have noticed hard-coded secrets, which are security misconfigurations, and violation of security best practices for Kubernetes manifests (reff: https://arxiv.org/pdf/2006.15275.pdf).
Location:
https://github.com/alb3rtobr/tfm_swcraftsmanship/blob/fca60a1512d854a4a23942723eafefcf6cf22efd/charts/tfm-almacar/charts/database/values.yaml#L8
Please fix this misconfiguration by storing secrets in tools, such as Vault (https://www.vaultproject.io/). We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.