I've been reviewing the exposedsecretreport for ghcr.io/zalando/spilo-15 and noticed that it has the ssl-cert-snakeoil.key file, Trivy is flagging it as a potential exposed secret. Is this used anywhere or is it just a dummy cert!
Configuration Options: Do we need this default key in the image?
I've been reviewing the
exposedsecretreport
forghcr.io/zalando/spilo-15
and noticed that it has the ssl-cert-snakeoil.key file, Trivy is flagging it as a potential exposed secret. Is this used anywhere or is it just a dummy cert!Configuration Options: Do we need this default key in the image?
See details below: