Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HASI: Limit permissions to read only relevant secrets by KIM [DEADLINE: EOY] #398

Open
1 task
tobiscr opened this issue Sep 24, 2024 · 0 comments
Open
1 task

HASI: Limit permissions to read only relevant secrets by KIM [DEADLINE: EOY] #398

tobiscr opened this issue Sep 24, 2024 · 0 comments

Comments

@tobiscr
Copy link
Contributor

tobiscr commented Sep 24, 2024
edited
Loading

Description

KIM should only be allowed to read the secrets which are relevant for it to work. Extensive access to secrets it not required and has to be limited to the minimum.

Allowed secrets are:

  • secrets containing KIM configuration parameters
  • kubeconfig-secrets of SKRs

AC:

  • KIM can access only secrets required by it to work (see list above)

Expected result

KIM is not allowed to read any secrets which are not required by KIM to run/operate.

Actual result

Secret permissions are not fully limited on KCP and KIm could read more as required.

Steps to reproduce

Troubleshooting
@tobiscr tobiscr changed the title HASI: Limit permissions to read only relevant secrets by KIM HASI: Limit permissions to read only relevant secrets by KIM [DEADLINE: EOY] Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tobiscr