Bug 1416483

Summary: More secured conf files -- session-secrets.yaml
Product: OpenShift Container Platform Reporter: Steven Walter <stwalter>
Component: apiserver-authAssignee: Erica von Buelow <evb>
Status: CLOSED ERRATA QA Contact: Chuan Yu <chuyu>
Severity: low Docs Contact:
Priority: medium    
Version: 3.4.0CC: aos-bugs, cscribne, jmalde, knewcomer, mkhan, thunt
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:40:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Steven Walter 2017-01-25 15:26:57 UTC
Description of problem:

Customer has concerns over the display of authentication/passwords in flat configuration files:

# cat /etc/origin/master/session-secrets.yaml  
apiVersion: v1
kind: SessionSecrets
- authentication: "<SECRET>"
  encryption: "<SECRET>"

Hide Section - Tags

Version-Release number of selected component (if applicable):

How reproducible:
Default with the product

Actual results:
 Data is in a flat file

Expected results:
 Data would be more encrypted, not "out in the open"

Comment 10 Mo 2019-04-05 13:27:34 UTC
Session secrets are managed by the authn operator in 4.x and use randomly generated keys.

Comment 12 Chuan Yu 2019-04-09 07:12:57 UTC
Since auth config will not be stored in a file on disk like this in 4.0, move this to verify.

Comment 14 errata-xmlrpc 2019-06-04 10:40:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.