-
Notifications
You must be signed in to change notification settings - Fork 563
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubeconfig creator task accepts secrets as parameters #639
Comments
/cc @divyansh42 |
FYI @psschwei |
As noted by @sm43, our I think there are a couple of alternatives we could adopt:
/cc @vdemeester |
Maybe both are possible even 😛 . |
Issues go stale after 90d of inactivity. /lifecycle stale Send feedback to tektoncd/plumbing. |
Stale issues rot after 30d of inactivity. /lifecycle rotten Send feedback to tektoncd/plumbing. |
Rotten issues close after 30d of inactivity. /close Send feedback to tektoncd/plumbing. |
@tekton-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lifecycle frozen |
@afrittoli @dibyom @vdemeester do we still want this? 😅 |
Expected Behavior
Tasks never accept secrets as parameters. A workspace (or a secret name) and field names can be used to provide access to secrets stored as k8s secrets or as files on a volume.
Actual Behavior
The kubeconfig creator tasks https://hub.tekton.dev/tekton/task/kubeconfig-creator accepts several secrets as parameters. This is an issue because there's no way to avoid secrets being exposed if they are passed as parameters to a task.
The value of those parameters will be stored in etcd, accessible via the CLI/dashboard (even in readonly mode) and might even be sent in cloud events notifications when they are enabled.
The text was updated successfully, but these errors were encountered: