Add new logic for looking up Strongbox Secrets #112
Merged
+191
−66
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
george-angel
force-pushed
the
force-strongbox
branch
2 times, most recently
from
bc9fb2e
to
12d10d7
Compare
asiyani
approved these changes
Nov 13, 2024
george-angel
force-pushed
the
force-strongbox
branch
3 times, most recently
from
fba1131
to
7f49292
Compare
We now reverted to the original logic to always look up the Strongbox Secret and "fail open" (skip decrypting) when we do not find it. We are adding a safeguard, we now check `kustomize build` output for Strongbox headers in Secret data and will fail if found.
george-angel
force-pushed
the
force-strongbox
branch
from
7f49292
to
447f2e4
Compare
hectorhuertas
approved these changes
Nov 18, 2024
ffilippopoulos
approved these changes
Nov 18, 2024
asiyani
approved these changes
Nov 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We now reverted to the original logic to always look up the Strongbox
Secret and "fail open" (skip decrypting) when we do not find it.
We are adding a safeguard, we now check
kustomize buildoutput forStrongbox headers in Secret data and will fail if found.