Bug 1416483 - More secured conf files -- session-secrets.yaml
Summary: More secured conf files -- session-secrets.yaml
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.1.0
Assignee: Erica von Buelow
QA Contact: Chuan Yu
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-25 15:26 UTC by Steven Walter
Modified: 2019-06-04 10:40 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-06-04 10:40:18 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 0 None None None 2019-06-04 10:40:28 UTC

Description Steven Walter 2017-01-25 15:26:57 UTC
Description of problem:

Customer has concerns over the display of authentication/passwords in flat configuration files:

# cat /etc/origin/master/session-secrets.yaml  
apiVersion: v1
kind: SessionSecrets
- authentication: "<SECRET>"
  encryption: "<SECRET>"

Hide Section - Tags

Version-Release number of selected component (if applicable):

How reproducible:
Default with the product

Actual results:
 Data is in a flat file

Expected results:
 Data would be more encrypted, not "out in the open"

Comment 10 Mo 2019-04-05 13:27:34 UTC
Session secrets are managed by the authn operator in 4.x and use randomly generated keys.

Comment 12 Chuan Yu 2019-04-09 07:12:57 UTC
Since auth config will not be stored in a file on disk like this in 4.0, move this to verify.

Comment 14 errata-xmlrpc 2019-06-04 10:40:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.