This repository has been archived by the owner on Feb 14, 2025. It is now read-only.

In k8s, use a secret instead of an env var for NEO4J_AUTH #38

Closed
kdmccormick opened this issue Mar 9, 2023 · 2 comments

Comments

@kdmccormick

NEO4J_AUTH is passed into k8s-managed pod containers as an environment variable: https://github.com/openedx/tutor-contrib-coursegraph/blob/master/tutorcoursegraph/patches/k8s-deployments#L21-L27

This is not a serious security issue, but it's not great either. Particularly, someone who has permissions to inspect a pod would be able to see the value of NEO4J_AUTH in plaintext.

Instead, the value should be passed into the container as a secret: https://kubernetes.io/docs/concepts/configuration/secret/
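
The change this issue asks for, sketched as an added example (not part of the issue thread or the plugin's own manifests). Resource names, labels, the image reference and the credential value are constructed placeholders.

```yaml
# Constructed example; coursegraph, coursegraph-neo4j-auth and the
# credential value are placeholders, not taken from the plugin.

# Before: the credential is a literal in the pod spec, so anyone who can
# read pods (kubectl get pod -o yaml, kubectl describe pod) sees it.
#   env:
#     - name: NEO4J_AUTH
#       value: "neo4j/CHANGE-ME"

# After: the credential lives in a Secret and the pod spec only names it.
apiVersion: v1
kind: Secret
metadata:
  name: coursegraph-neo4j-auth
type: Opaque
stringData:
  NEO4J_AUTH: "neo4j/CHANGE-ME"   # placeholder, in user/password form
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coursegraph
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: coursegraph
  template:
    metadata:
      labels:
        app.kubernetes.io/name: coursegraph
    spec:
      containers:
        - name: coursegraph
          # placeholder: keep the image the deployment already runs
          image: docker.io/neo4j:PLACEHOLDER-TAG
          env:
            - name: NEO4J_AUTH
              valueFrom:
                secretKeyRef:
                  name: coursegraph-neo4j-auth
                  key: NEO4J_AUTH
```

With this layout the pod spec shows only the `secretKeyRef`. The value is still readable by anyone allowed to `get` the Secret or to exec into the container, so RBAC on `secrets` and `pods/exec` remains the control that matters.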

@kdmccormick

@bmtcril, @feanil gave the plugin a look, and this is the one piece of feedback he had.

@bmtcril

bmtcril commented Mar 9, 2023

Nice, thanks for pointing that out!

@feanil closed this as not planned on Feb 14, 2025