[Security] [V-242415] Avoid using secret as environment variables in Kubernetes

According to the requirements outlined in https://stigviewer.com/stigs/kubernetes/2024-08-22/finding/V-242415, it is explicitly stated that "Secrets should not be stored as environment variables." 

However, the current Helm chart implementation heavily relies on setting sensitive data through environment variables.

- https://github.com/goharbor/harbor-helm/blob/main/templates/core/core-dpl.yaml#L96
- https://github.com/goharbor/harbor-helm/blob/main/templates/core/core-dpl.yaml#L99
- https://github.com/goharbor/harbor-helm/blob/main/templates/jobservice/jobservice-dpl.yaml#L94
- https://github.com/goharbor/harbor-helm/blob/main/templates/registry/registry-dpl.yaml#L99

What is our opinion on this issue, and do we have plans to fix it ?



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security] [V-242415] Avoid using secret as environment variables in Kubernetes #2201

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] [V-242415] Avoid using secret as environment variables in Kubernetes #2201

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions