Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Allow specifying cloud credentials for Crossplane integration via a secret #6488

Open
shashankram opened this issue Mar 19, 2024 · 0 comments
Open

[Feature] Allow specifying cloud credentials for Crossplane integration via a secret #6488

shashankram opened this issue Mar 19, 2024 · 0 comments

Comments

@shashankram
Copy link

As per https://kubevela.io/docs/next/end-user/components/cloud-services/provision-cloud-resources-by-crossplane/, the AWS access credentials are inlined in the spec:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: aws
  namespace: vela-system
spec:
  components:
    - name: aws
      type: crossplane-aws
      properties:
        name: aws
        AWS_ACCESS_KEY_ID: xxx
        AWS_SECRET_ACCESS_KEY: yyy

This is not usable since the credentials are exposed in plaintext on the resource spec. At the very least, this should be specified via a k8s secret on which RBAC can be enforced.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shashankram