You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As discussed here: https://groups.google.com/forum/#!topic/vault-tool/WcujbsujdgE it would be ideal if the serviceaccount name (and namespace) was available to templated policies. Right now only the uuid (.metadata.uid) associated with the serviceaccount is exposed.
The uid is used to prevent attacks where the attacker recreates a serviceaccount name that was once deleted and inherits its abilities within Vault. In some (arguably most) environments, convenience outweighs this risk.
The text was updated successfully, but these errors were encountered:
As discussed here: https://groups.google.com/forum/#!topic/vault-tool/WcujbsujdgE it would be ideal if the serviceaccount name (and namespace) was available to templated policies. Right now only the uuid (.metadata.uid) associated with the serviceaccount is exposed.
The uid is used to prevent attacks where the attacker recreates a serviceaccount name that was once deleted and inherits its abilities within Vault. In some (arguably most) environments, convenience outweighs this risk.
The text was updated successfully, but these errors were encountered: