Skip to content

Security Misconfiguration: Hard-coded Secret #3

New issue
New issue
Open
Open
Security Misconfiguration: Hard-coded Secret#3
@akondasif

Description

@akondasif
akondasif
opened on May 10, 2022

Dear Colleague,

We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.

We have noticed hard-coded secrets, which are security misconfigurations, and violation of security best practices for Kubernetes manifests (reff: https://arxiv.org/pdf/2006.15275.pdf).

Location:

run-devops/aks/mongo-secret.yaml

Line 7 in 6cf2f72

mongo-root-username: dXNlcm5hbWU=

Please fix this misconfiguration by storing secrets in tools, such as Vault (https://www.vaultproject.io/). We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions