Skip to content

Remove the root secret from pod env variables#1533

Merged
Neon-White merged 1 commit intonoobaa:masterfrom
Neon-White:remove-root-secret-from-env
Apr 6, 2025
Merged

Remove the root secret from pod env variables#1533
Neon-White merged 1 commit intonoobaa:masterfrom
Neon-White:remove-root-secret-from-env

Conversation

@Neon-White
Copy link
Contributor

@Neon-White Neon-White commented Feb 18, 2025
edited
Loading

Explain the changes

  1. As reported in DFBUGS-1608, the NooBaa root secret would be unintentionally revealed in some cases. This PR aims to remediate the issue by removing legacy code that was used to pass the secret via env params, before it was changed to be passed via a file mount. (core, operator)

Issues:

Fixed:

  1. DFBUGS-1608

Gap:

  1. Some dead code is still present on the core side

Testing Instructions:

  1. Deploy NooBaa on an AWS IPI Thales configuration
  2. Make sure NOOBAA_ROOT_SECRET does not show in the env variables of endpoint and core pods
  • Doc added/updated
  • Tests added

@liranmauda
Copy link
Contributor

liranmauda commented Feb 19, 2025

LGTM,
We need to figure out if the upgrade path would be affected.
If it works, we can manage it, and create a PR on core that removes the env variable.
@romayalon for the core side, do we use this env on NC?

@Neon-White Neon-White force-pushed the remove-root-secret-from-env branch 2 times, most recently from 0797bcc to c94da7b Compare April 2, 2025 13:20
shirady
shirady approved these changes Apr 2, 2025
View reviewed changes
Copy link
Contributor

@shirady shirady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Neon-White
Remove root secret from pod env variables
0154df1 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White Neon-White force-pushed the remove-root-secret-from-env branch from c94da7b to 0154df1 Compare April 6, 2025 07:52
@Neon-White Neon-White merged commit 30c22d3 into noobaa:master Apr 6, 2025
15 checks passed
@Neon-White Neon-White mentioned this pull request Apr 7, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shirady shirady shirady approved these changes

@jackyalbo jackyalbo Awaiting requested review from jackyalbo

@romayalon romayalon Awaiting requested review from romayalon

Assignees

No one assigned

Labels

size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Neon-White @liranmauda @shirady