The next VSecM Contributor Sync will be on...
Thursday, 2024-05-30 at 8:00am Pacific time.

VMware Secrets Manager

Mutating a Template File

Situation Analysis

Certain apps may require initialization scripts, which may include secrets. Storing these scripts with hard-coded secrets is a security gap. Storing these scripts in source control is a security incident waiting to happen.

Solution

A solution would be to create a template file with a placeholder to interpolate the secrets at deployment time.

As long as this template file is in an ephemeral “in-memory” volume and direct access to the workload is prevented by strict RBAC rules, we can consider the script and the secrets within it secure because data in an in-memory file system will be protected by the operating system’s built-in memory barriers: Only an app that can shell into the Pod can access the in-memory volume.

Strategy

Follow the Mounting Secrets as Volumes use case and configure the sidecar to mutate the file you need accordingly.

results matching ""

No results matching ""

«« previous next »»

⭐️ Star VMware Secrets Manager to show your support ⭐️
your support helps us to reach out to even more people with this amazing tech

Copyright © 2023-present VMware Secrets Manager contributors.

VMware Secrets Manager for Cloud-Native Apps
code is distributed under BSD 2-Clause License.

The documentation on this website
is distributed under CC-BY-4.0.

contact | privacy policy