Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

move credentials to Secret #29

Merged
merged 1 commit into from
Dec 14, 2023
Merged

move credentials to Secret #29

merged 1 commit into from
Dec 14, 2023

Conversation

tamcore
Copy link
Contributor

@tamcore tamcore commented Dec 13, 2023

This touches on my comment in #27 (comment), as ConfigMaps are not intended to hold confidential data.

@tamcore
move credentials to Secret
456d7fc 
ConfigMaps are not intended to hold confidental data. Storing credentials in Secrets instead brings advantages of Encryption at Rest for Secrets and proper RBAC separation.
@tananaev
Copy link
Member

@filippolmt would you mind taking a look.

filippolmt
filippolmt reviewed Dec 13, 2023
View reviewed changes
charts/traccar/templates/configmap.yaml
@@ -13,6 +13,7 @@ data:
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
<entry key='config.default'>./conf/default.xml</entry>
<entry key='config.useEnvironmentVariables'>true</entry>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tananaev by adding this configuration in the xml file, is it possible to use environment variables?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's defined here https://github.com/traccar/traccar/blob/master/src/main/java/org/traccar/config/Config.java#L58-L59

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes.

@filippolmt
Copy link
Contributor

As an improvement, I would add the possibility of using an existing secrets in the cluster (of course documenting how to do this) and adding a functionality test.

The fact remains that this PR is fine, you could opt to do it at a later date.

@tamcore
Copy link
Contributor Author

tamcore commented Dec 13, 2023

I think that's already covered by env :)

traccar-helm/charts/traccar/values.yaml

Lines 170 to 184 in ae85446

# This allows you to use environment variables (i.e. referenced from Secrets) to use in your configuration
# The names of the keys are identical. But, a dot (.), you'll have to use an underscore (_) and define everything in UPPERCASE
env: []
# - name: "CONFIG_USE_ENVIRONMENT_VARIABLES"
# value: "true"
# - name: "DATABASE_USER"
# valueFrom:
# secretKeyRef:
# name: "postgres-secrets"
# key: "username"
# - name: "DATABASE_PASSWORD"
# valueFrom:
# secretKeyRef:
# name: "postgres-secrets"
# key: "password"

@filippolmt
Copy link
Contributor

Thank you, I had completely missed it. :)

@filippolmt
Copy link
Contributor

@tananaev we can merge the PR

@tananaev tananaev merged commit 246dede into traccar:main Dec 14, 2023
1 check passed
@tananaev
Copy link
Member

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tananaev tananaev tananaev left review comments

@filippolmt filippolmt filippolmt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tamcore @tananaev @filippolmt