Store database password in Secret about curator HOT 6 CLOSED

We are already passing all environment variables to the config map generator and that all are converted into secrets.
Once we have the database table we will make sure over there to keep the type.

from curator.

This is still an unsolved issue.
Database password is visible as plaintext in configMap: https://console-openshift-console.apps.smaug.na.operate-first.cloud/k8s/ns/koku-metrics-operator/configmaps/backup-config-kffbgh9f46.

from curator.

@leihchen Can you clarify what the problem is? The contents of secrets and configmaps in kubernetes (or openshift) are always visible as plaintext. If you have access to the namespace that contains the data, you can see it.

If the password is being stored in plaintext in this repository that is a problem, but otherwise it sounds like things are behaving as designed.

from curator.

@larsks I was suggesting using Secret to store database password instead of configMap.

from curator.

That's fine, as long as you realize that secrets also store information as plain text. By default there's no functional difference between the two. The advantage to using a secret is primarily informational (it tells you, "this information should be treated carefully"), and because by having a separate resource type you can apply difference access policies, etc. to them. But simply moving from a configmap to a secret doesn't really get you anything in terms of security.

from curator.

OK. Thank you!

from curator.