support read header value from env variable#3474
Conversation
|
cc @joaopgrassi @keithmattix, looks like you're interesting in original issue. |
howardjohn
left a comment
There was a problem hiding this comment.
Does envoy just have a corresponding config we pass this through to?
|
I see. This absolutely needs to specify it's the environment variable of the control plane, which is not intuitive. This is a possible security risk, as someone can now trigger the control plane to send out arbitrary env vars down to proxies, which may include confidential information. Given this is in mesh config, not proxy config, that is likely ok as they are the same trust domain. However we are still storing the credentials in envoy, accessible by config_dump,etc. We do similar for TLS, but that is all in the "secret" code paths which obfuscate the contents. I worry this doesn't really meet the goal of the original issue, as we don't actually have end to end security of the header |
you can not avoid this happen, users who can access config_dump will be able to read nearly everything. In my experience, most people don't have direct access to the product environment (or need permission). |
|
Yeah good call. Maybe we just specify in the comments that:
|
718b392 to
acb1b52
Compare
acb1b52 to
36692fd
Compare
this's a proposal for istio/istio#53408
With this patch, users will be able mount a secret into pilot discovery pod as env variable, then pilot will read from it and send to all proxies.