Hashicorp vault auth allow tokens directly set in TriggerAuthentication #6026

Open
@JorTurFer

Report

Currently, HashiCorp Vault auth supports 2 login methods, one based on a service account and the other based on tokens.
The problem is that the token isn't provided from a secret but from the TriggerAuthentication directly. This is a security risk as TriggerAuthentication isn't a sensitive API by design:

Expected Behavior

The token should be recovered from a secret

Actual Behavior

The token is read from the TriggerAuthentication manifest
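
A check for the condition reported above, as an added example that is not part of the issue or of KEDA's own code: it reads the JSON produced by `kubectl get triggerauthentications -A -o json` and lists every object whose `spec.hashiCorpVault.credential.token` is set inline. The sample objects, names, address and token value are constructed for the example.

```python
import json

# Constructed sample in the shape of `kubectl get triggerauthentications -A -o json`.
# Names, address and token are placeholders, not values from the issue.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "TriggerAuthentication",
     "metadata": {"name": "vault-inline", "namespace": "apps"},
     "spec": {"hashiCorpVault": {
         "address": "https://vault.example.internal:8200",
         "authentication": "token",
         "credential": {"token": "CONSTRUCTED-PLACEHOLDER-TOKEN"}}}},
    {"kind": "TriggerAuthentication",
     "metadata": {"name": "vault-sa", "namespace": "apps"},
     "spec": {"hashiCorpVault": {
         "address": "https://vault.example.internal:8200",
         "authentication": "kubernetes",
         "credential": {"serviceAccount": "/var/run/secrets/kubernetes.io/serviceaccount/token"}}}},
    {"kind": "TriggerAuthentication",
     "metadata": {"name": "from-secret", "namespace": "apps"},
     "spec": {"secretTargetRef": [
         {"parameter": "password", "name": "db-secret", "key": "password"}]}},
]})

KINDS = {"TriggerAuthentication", "ClusterTriggerAuthentication"}


def find_inline_vault_tokens(manifest_json):
    """Return one finding per object that carries a Vault token in its spec."""
    doc = json.loads(manifest_json)
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        if obj.get("kind") not in KINDS:
            continue
        vault = (obj.get("spec") or {}).get("hashiCorpVault") or {}
        token = (vault.get("credential") or {}).get("token")
        if token:
            meta = obj.get("metadata") or {}
            findings.append({
                "kind": obj["kind"],
                "namespace": meta.get("namespace", ""),  # empty for cluster-scoped
                "name": meta.get("name", ""),
                "authentication": vault.get("authentication", ""),
                "token_length": len(str(token)),  # never echo the token itself
            })
    return findings


if __name__ == "__main__":
    for f in find_inline_vault_tokens(SAMPLE):
        print("inline Vault token: {kind} {namespace}/{name}".format(**f))
```

Any object this reports exposes its token to every principal that can read TriggerAuthentication resources, so the token should be rotated in Vault as well as removed from the manifest.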

Labels

bug: Something isn't working
good first issue: Good for newcomers
help wanted: Looking for support from community
security: All issues related to security
