@ikheifets-splunk
Contributor

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Dependency update
  • Bug fix
  • New feature
  • Refactor/improvement
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

Checklist

  • My commit message is conventional
  • I have run pre-commit on all files before creating the PR
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have checked my code and corrected any misspellings

@ikheifets-splunk ikheifets-splunk changed the base branch from main to develop July 9, 2025 09:01
@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 2 times, most recently from 18b315e to a1243cd Compare July 9, 2025 09:16
Contributor

@omrozowicz-splunk omrozowicz-splunk left a comment

looks good generally, but shouldn't we keep username and passwords as k8s secrets? 🤔 this notation will make creds visible in plain text even in kubectl describe

Contributor

@omrozowicz-splunk omrozowicz-splunk left a comment

please take a look at my comments ☺️

@omrozowicz-splunk
Contributor

omrozowicz-splunk commented Jul 14, 2025

okay, after I took a moment to think about it, it makes sense to put initial credentials as

```
auth:
  username:
  password:
```

because if not it would be a mess to migrate. But we should also document a way to use existingSecret which is secure. Do you agree?
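An added illustration of the concern raised in this thread (not code from the PR or the project): a check that flags credentials stored as literal env values in a pod spec, which is what `kubectl describe pod` prints, while values drawn from a Secret through `secretKeyRef` pass. The pod spec is constructed; the env var names and the Secret key `password` are assumptions.

```python
import json
import re

# Constructed pod spec, not from the PR. Env names and the Secret key are assumed;
# "redis-auth-secret" is the Secret name shown in the PR's docs snippet.
POD = json.loads("""
{"metadata": {"name": "worker-0"},
 "spec": {"containers": [
  {"name": "inline", "env": [
    {"name": "REDIS_PASSWORD", "value": "changeme"},
    {"name": "MONGO_URI", "value": "mongodb://snmp:changeme@mongo:27017/"},
    {"name": "LOG_LEVEL", "value": "INFO"}]},
  {"name": "secretref", "env": [
    {"name": "REDIS_PASSWORD", "valueFrom": {"secretKeyRef":
        {"name": "redis-auth-secret", "key": "password"}}},
    {"name": "REDIS_URL", "value": "redis://:$(REDIS_PASSWORD)@redis:6379/0"}]}
 ]}}
""")

SENSITIVE = ("PASSWORD", "PASSWD", "SECRET", "TOKEN")
# scheme://user:password@host or scheme://:password@host; group 1 is the password
URL_PASSWORD = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@:]*:([^/@]+)@", re.I)
# $(VAR) is expanded when the container starts; the pod spec keeps the reference
ENV_REF = re.compile(r"\$\([A-Za-z_][A-Za-z0-9_]*\)")


def inline_credentials(pod):
    """List (container, env var, reason) for credentials stored as literals in
    the pod spec, which is what `kubectl describe pod` prints."""
    findings = []
    spec = pod.get("spec", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for env in c.get("env", []):
            value = env.get("value")
            if not value:  # valueFrom (e.g. secretKeyRef) carries no literal
                continue
            name = env.get("name", "")
            url = URL_PASSWORD.match(value)
            if any(tok in name.upper() for tok in SENSITIVE):
                findings.append((c["name"], name, "literal value"))
            elif url and not ENV_REF.fullmatch(url.group(1)):
                findings.append((c["name"], name, "password in URL"))
    return findings


if __name__ == "__main__":
    for container, name, reason in inline_credentials(POD):
        print(f"{container}: {name} ({reason})")
```

The same function can be run over the items of `kubectl get pods -o json` output to audit a live namespace.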

@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 4 times, most recently from ea5e147 to 48a8219 Compare July 23, 2025 08:24
Create secrets for Mongo and Redis:

```
kubectl create secret generic redis-auth-secret \
```

Contributor

Wouldn't it be better to create some default secret so we don't have problems during migration? and note that they can change it and how? I know it can be a problem for prodsec but still default secret > no secret 😅

Contributor

I think additional secrets will confuse people more, do you agree?

Contributor

or maybe allow plain auth by default and only inform that a secret is more secure and point them to how to configure that? @ajasnosz what is your opinion?

@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 3 times, most recently from 2bfe4af to a4afed4 Compare July 23, 2025 09:29
@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 3 times, most recently from efb575c to 02c6c63 Compare July 25, 2025 21:16
Base automatically changed from develop to main September 16, 2025 10:12
@omrozowicz-splunk omrozowicz-splunk changed the base branch from main to develop September 16, 2025 11:07
Base automatically changed from develop to main September 25, 2025 06:50
@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 5 times, most recently from 0dfaee8 to b1c4720 Compare October 6, 2025 20:14
@omrozowicz-splunk omrozowicz-splunk changed the base branch from main to develop October 8, 2025 08:54
@omrozowicz-splunk
Contributor

hey @ikheifets-splunk please let me know when you're ready for a review

@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 9 times, most recently from 7f3dd51 to c9a1a00 Compare October 8, 2025 22:10
@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch 7 times, most recently from 9362369 to 8058886 Compare October 9, 2025 00:19
@ikheifets-splunk ikheifets-splunk force-pushed the fix/protect-mongo-and-redis-by-password branch from 8058886 to cc56d45 Compare October 9, 2025 00:29
@ikheifets-splunk
Contributor Author

ikheifets-splunk commented Oct 9, 2025

> hey @ikheifets-splunk please let me know when you're ready for a review

@omrozowicz-splunk you can review
