Fix auth by wrapping keychain in a ResolvedKeychain
Prior to #1315, all keychains
passed to NewMultiKeychain were resolved keychains,
which prevented the credentials from becoming inaccessible after the lifecycle dropped privileges.

Signed-off-by: Natalie Arellano <[email protected]>
natalieparellano committed Apr 10, 2024
1 parent 137225b commit 2670257
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions auth/keychain.go
@@ -38,13 +38,15 @@ func DefaultKeychain(images ...string) (authn.Keychain, error) {
return nil, err
}

keychains := []authn.Keychain{envKeychain, authn.DefaultKeychain}

keychains := []authn.Keychain{
envKeychain,
NewResolvedKeychain(authn.DefaultKeychain, images...),
}
if vendorKeychainEnabled("amazon") {
keychains = append(keychains, amazonKeychain)
keychains = append(keychains, NewResolvedKeychain(amazonKeychain, images...))
}
if vendorKeychainEnabled("azure") {
keychains = append(keychains, azureKeychain)
keychains = append(keychains, NewResolvedKeychain(azureKeychain, images...))
}

return authn.NewMultiKeychain(
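Review bot: Nothing at the `keychains` literal records why each entry has to be wrapped, so a vendor keychain added later in a third `if vendorKeychainEnabled(...)` branch could repeat the regression from #1315 unnoticed. I would add a comment above the slice such as `// Every keychain must be resolved here, before the lifecycle drops privileges; unresolved ones lose access to their credential sources afterwards.` and back it with a regression test, since this commit touches only auth/keychain.go. Assuming NewResolvedKeychain resolves credentials only for the registries of the `images` passed in, the doc comment on DefaultKeychain should also say that a reference missing from `images` will presumably not authenticate later. The body of DefaultKeychain starts and ends outside the hunk, so how resolution failures are reported cannot be judged from here.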
