Skip to content

Remove the root secret from pod env variables #1533

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 6, 2025
Merged

Remove the root secret from pod env variables #1533

merged 1 commit into from
Apr 6, 2025

Conversation

Neon-White
Copy link
Contributor

@Neon-White Neon-White commented Feb 18, 2025
edited
Loading

Explain the changes

  1. As reported in DFBUGS-1608, the NooBaa root secret would be unintentionally revealed in some cases. This PR aims to remediate the issue by removing legacy code that was used to pass the secret via env params, before it was changed to be passed via a file mount. (core, operator)

Issues:

Fixed:

  1. DFBUGS-1608

Gap:

  1. Some dead code is still present on the core side

Testing Instructions:

  1. Deploy NooBaa on an AWS IPI Thales configuration
  2. Make sure NOOBAA_ROOT_SECRET does not show in the env variables of endpoint and core pods
  • Doc added/updated
  • Tests added

@liranmauda
Copy link
Contributor

LGTM,
We need to figure out if the upgrade path would be affected.
If it works, we can manage it, and create a PR on core that removes the env variable.
@romayalon for the core side, do we use this env on NC?

@Neon-White Neon-White force-pushed the remove-root-secret-from-env branch 2 times, most recently from 0797bcc to c94da7b Compare April 2, 2025 13:20
shirady
shirady approved these changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@shirady shirady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Neon-White Neon-White force-pushed the remove-root-secret-from-env branch from c94da7b to 0154df1 Compare April 6, 2025 07:52
@Neon-White Neon-White merged commit 30c22d3 into noobaa:master Apr 6, 2025
15 checks passed
@Neon-White Neon-White mentioned this pull request Apr 7, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shirady shirady shirady approved these changes

@jackyalbo jackyalbo Awaiting requested review from jackyalbo

@romayalon romayalon Awaiting requested review from romayalon

Assignees
No one assigned
Labels
size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Neon-White @liranmauda @shirady