Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/mysql] The password values in values.yaml should be provided as base64 #3486

Closed
wants to merge 1 commit into from
Closed

[stable/mysql] The password values in values.yaml should be provided as base64 #3486

wants to merge 1 commit into from

Conversation

komljen
Copy link
Collaborator

@komljen komljen commented Jan 30, 2018

If the user wants to provide its own passwords they should be base64 encoded in values.yaml file and not kept in clear text.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 30, 2018
@k8s-ci-robot
Copy link
Contributor

Hi @komljen. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jan 30, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: komljen
We suggest the following additional approver: mgoodness

Assign the PR to them by writing /assign @mgoodness in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@komljen
Copy link
Collaborator Author

komljen commented Jan 30, 2018

cc @viglesiasce

@komljen komljen changed the title The password values in values.yaml should be provided as base64 [stable/mysql] The password values in values.yaml should be provided as base64 Jan 30, 2018
@prydonius
Copy link
Member

IMO base64 is not much better than plain text and this will degrade the UX. The fact that tiller stores values in plain text is a separate issue and can be solved by configuring tiller to use a secret store.

@komljen
Copy link
Collaborator Author

komljen commented Jan 31, 2018
edited
Loading

I pretty much agree. Autogenerated passwords are better, but the issue is that on helm upgrade the new passwords are generated. Not sure how to work around this...

UPDATE: I created a new pull request to not recreate passwords on helm upgrade #3494

That seems like a better idea and then we could close this one.

@komljen
Copy link
Collaborator Author

komljen commented Feb 7, 2018

Closing this pull request in favor of #3591

@komljen komljen closed this Feb 7, 2018
@komljen komljen deleted the mysql_secrets branch February 7, 2018 10:41
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@komljen @k8s-ci-robot @prydonius