Passwords stored in a Plain Text #1149

Open
3 tasks
vmw-web opened this issue Nov 8, 2024 · 2 comments
Labels
question Further information is requested

Comments


vmw-web commented Nov 8, 2024

Is your question request related to a specific component?

VMAuth, VMUser, VMOperator

Describe the question in detail

We have enabled authentication between the VMAgents and the VMCluster, and are using VMUser to generate the password.

  1. Passwords generated are stored as plain text in the VMAuth. Is it possible to enable encryption?
  2. Passwords stored in K8S are base64, but not encrypted. Is it possible to enable encryption?
  3. Is there any specific algorithm that VMOperator is using to generate the password?

Troubleshooting docs

@vmw-web vmw-web added the question Further information is requested label Nov 8, 2024
@AndrewChubatiuk AndrewChubatiuk transferred this issue from VictoriaMetrics/VictoriaMetrics Nov 8, 2024
@AndrewChubatiuk
Contributor

Moved operator-specific issue to operator repo.

@f41gh7
Collaborator

f41gh7 commented Nov 11, 2024

It's a good question. Currently, the operator assumes that secrets are protected (by Kubernetes RBAC) and stored in encrypted storage (https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).

There is no way to encrypt it at the operator level, because vmauth must be aware of it and perform decryption before loading sensitive data into memory.

As a workaround, it's possible to use external configuration for VMAuth and use third-party secret providers (like Vault).
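
A check that follows from the reply above, as an added example that is not part of the thread or the operator's code: base64 in a Secret is reversible by anyone allowed to read it, and whether etcd holds the Secret encrypted shows in the stored value's `k8s:enc:<provider>:` prefix described in the linked Kubernetes documentation. The Secret key, the values and the provider name `my-kms` are constructed for illustration.

```python
import base64

# Constructed sample: a Secret's `data` map as the Kubernetes API returns it.
# The key name and password are made up for this example.
SAMPLE_SECRET_DATA = {"password": base64.b64encode(b"s3cr3t-generated").decode()}

# Constructed samples of raw etcd values for a Secret, as an administrator
# would see them when reading the key directly from etcd.
SAMPLE_ETCD_VALUES = {
    "plain": b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret\x12\x10...",  # no encryption configured
    "aescbc": b"k8s:enc:aescbc:v1:key1:\x8f\x1c\x02...",        # local key provider
    "kms": b"k8s:enc:kms:v2:my-kms:\x0a\x20\x99...",            # external KMS plugin
}

ENC_PREFIX = b"k8s:enc:"


def decode_secret_data(data):
    """base64 is an encoding, not encryption: read access is enough to recover it."""
    return {key: base64.b64decode(value) for key, value in data.items()}


def at_rest_provider(raw):
    """Return the provider named in the etcd value prefix, or None if unencrypted."""
    if not raw.startswith(ENC_PREFIX):
        return None
    provider = raw[len(ENC_PREFIX):].split(b":", 1)[0]
    # An empty provider field is malformed; treat it as not encrypted.
    return provider.decode("ascii", "replace") if provider else None


def audit(etcd_values):
    """Map each sampled etcd value to its provider, flagging unencrypted ones."""
    return {name: at_rest_provider(raw) or "UNENCRYPTED"
            for name, raw in etcd_values.items()}


if __name__ == "__main__":
    print(decode_secret_data(SAMPLE_SECRET_DATA))
    for name, result in audit(SAMPLE_ETCD_VALUES).items():
        print(f"{name}: {result}")
```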
