I have a module that launches containers that require access to sensitive information, such as API keys and database passwords. Right now, these sensitive values are built into the controller definitions as follows:
env: - name: DB_PASSWORD value: password
which are then available inside the Docker container as the $DB_PASSWORD environment variable. Everything is pretty easy.
But by reading their Secrets documentation, they clearly state that transferring sensitive configuration values to your definition violates best practice and potentially a security issue. The only other strategy I can think of is as follows:
- create an OpenPGP key for each user community or namespace
- use crypt to set the configuration value to etcd (which is encrypted using the private key)
- create a kubernet secret containing the private key, so
- associate this secret with the container (this means that the private key will be available as mount for the volume), like this
- when the container is running, it will access the file inside the hard drive for the private key and use it to decrypt the conf values returned from etcd
- this can then be included in confd , which populates local files according to the template definition (for example, Apache or WordPress configuration files)
This seems rather complicated, but more secure and flexible, since the values will no longer be static and are stored in clear text.
So, my question is, and I know that this is not a completely objective question, is this completely necessary or not? Only admins will be able to view and execute RC definitions in the first place; therefore, if someone violated the master of the kubernetes, you will have other problems. The only advantage that I see is that there is no danger of secrets related to the plaintext file system ...
Are there other ways to populate Docker containers with secret information in a safe way?
security docker kubernetes confd
hohner
source share