search

siderolabs / omni-feedback

Omni feature requests, bug reports
https://www.siderolabs.com/platform/saas-for-kubernetes/
MIT License
2 stars 0 forks source link

[feature] Secrets masking for read-only users #33

Open croarkpf opened 1 year ago

croarkpf commented 1 year ago

Problem Description

There are secrets in config files and in logs and it would be great if those secrets were masked.

Solution

No response

Alternative Solutions

No response

Notes

No response

smira commented 1 year ago

All Talos secrets are masked, are you talking about your specific secrets in the config patches?

croarkpf commented 1 year ago

Yeah sorry the config patches are important.

ArcherSeven commented 1 year ago

Ideally, a way to hint that a value in a configpatch it a secret, through a comment or something, would be nice. Then those secrets, such as vault credentials or registry credentials, could be masked.

smira commented 1 year ago

Note: we should probably not allow read-only users access to ConfigPatches and merged machine config.