check for leaked secrets in ConfigMaps #2361

Open
sebhoss opened this issue Dec 17, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

sebhoss commented Dec 17, 2024

We are looking for a way to scan all ConfigMaps in our clusters for leaked secrets. Initially we thought that the exposed secret feature of the operator would do what we wanted because it kinda sounds like that, but it scans images, whereas we want to scan ConfigMaps with something like gitleaks to check that no secret was accidentally placed inside a ConfigMap instead of a Secret resource.

I've read the docs about writing our own config audit policy, but I think re-implementing something like gitleaks in rego would be difficult to accomplish. Would this be something the operator might support?

sebhoss added the kind/feature label Dec 17, 2024
itaysk commented Dec 17, 2024

I think it makes sense, but we don't have capacity to work on new features in the near term.
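
Added example, not part of the issue thread and not code from the operator or from gitleaks: a minimal Python scan of ConfigMap `data` values for secret-like strings, along the lines the request describes. The three rules, the `scan_configmaps` name and the sample ConfigMaps are assumptions made up for this illustration; the input is the JSON shape printed by `kubectl get configmaps -A -o json`.

```python
import json
import re
import sys

# Simplified rules in the spirit of gitleaks; not its actual rule set.
RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "credential-assignment": re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*[\"']?([^\s\"']{8,})"),
}
# Captured values that are references or placeholders, not literal secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|\$\(.*\)|<.*>|changeme\w*)$", re.I)

def scan_configmaps(doc):
    """Scan one ConfigMap or a List of them (the shape printed by
    `kubectl get configmaps -A -o json`). Findings name the location and
    rule only, so the report itself does not leak the value."""
    findings = []
    for cm in doc.get("items", [doc]):
        if cm.get("kind") != "ConfigMap":
            continue
        meta = cm.get("metadata", {})
        for key, value in (cm.get("data") or {}).items():
            for lineno, line in enumerate(value.splitlines(), start=1):
                for rule, pattern in RULES.items():
                    m = pattern.search(line)
                    if m is None:
                        continue
                    if m.groups() and PLACEHOLDER.match(m.group(1)):
                        continue  # e.g. ${DB_PASSWORD}: a reference, not a secret
                    findings.append((meta.get("namespace"), meta.get("name"), key, lineno, rule))
    return findings

# Constructed sample; all names and values are made up for this example.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ConfigMap", "metadata": {"namespace": "shop", "name": "api-env"},
     "data": {"app.properties": "log.level=info\nDB_PASSWORD=s3cr3t-Pr0d-Value!\n",
              "aws.ini": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"}},
    {"kind": "ConfigMap", "metadata": {"namespace": "shop", "name": "web"},
     "data": {"config.yaml": "password: ${DB_PASSWORD}\ntimeout: 30\n"}},
    {"kind": "ConfigMap", "metadata": {"namespace": "kube-system", "name": "empty"}},
]}

if __name__ == "__main__":
    # With piped input: kubectl get configmaps -A -o json | python3 this_file.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, key, lineno, rule in scan_configmaps(doc):
        print(f"{ns}/{name} key={key} line={lineno} rule={rule}")
```

Only the `data` field is inspected here; `binaryData` values are base64-encoded and would need decoding before the same rules could apply.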
