Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

small-hack / argocd-apps Public

Notifications You must be signed in to change notification settings
Fork 3
Star 30

Code
Issues 11
Pull requests 6
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security pass for secret access #325

Open

26 tasks

jessebot opened this issue Nov 12, 2023 · 0 comments

Open

26 tasks

security pass for secret access #325

jessebot opened this issue Nov 12, 2023 · 0 comments

Assignees

Labels

Comments

Copy link

Contributor

jessebot commented Nov 12, 2023 •

edited by cloudymax

Loading

Description

Before we get into actual production, we need to do a security pass. We've already ensured secure database connections everywhere. The next step is taking a look at what prevents other connected users from viewing secrets such as:

root credentials
postgres certs

Not sure if RBAC makes the most sense here... like restricting access to a specific cluster role or service account?

Needs to be reviewed (and possibly updated for) the following apps.

nextcloud

nextcloud config
minio tenant secret config
postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs

zitadel

minio tenant
postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs

mastodon

minio tenant secret config
mastodon secret config
mastodon default config configmap while we're at it
postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs

matrix

matrix secret config
minio tenant secret config
postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs

bitwarden eso provider

credentials secret

argocd

oidc secret

The text was updated successfully, but these errors were encountered:

All reactions

jessebot assigned jessebot and cloudymax

jessebot added the security label

jessebot pinned this issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

Labels

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

2 participants

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.