Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fetch the sealed secrets cert as startup event #196

Merged
merged 5 commits into from
Dec 17, 2022
Merged

Fetch the sealed secrets cert as startup event #196

merged 5 commits into from
Dec 17, 2022

Conversation

Jaydee94
Copy link
Owner

  • Remove the initContainer from helm chart
  • Set necessary environment variables in api deployment
  • Run fastapi startup event instead of using initContainer
  • Use the uvicorn logger to see all custom logs
  • Update python dependencies
  • Notice about helm chart update in README

@Jaydee94
Fetch the sealed secrets cert as startup event
119811e 
* Remove the initContainer from helm chart
* Set necessary environment variables in api deployment
* Run fastapi startup event instead of using initContainer
* Use the uvicorn logger to see all custom logs
* Update python dependencies
* Notice about helm chart update in README
@Jaydee94 Jaydee94 added the enhancement New feature or request label Dec 14, 2022
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 14, 2022
View reviewed changes
api/kubeseal_webgui_api/app_config.py

LOGGER.info(
"Fetch certificate from sealed secrets controller '%s' in namespace '%s'",
sealed_secrets_controller_name,

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
api/kubeseal_webgui_api/app_config.py
LOGGER.info(
"Fetch certificate from sealed secrets controller '%s' in namespace '%s'",
sealed_secrets_controller_name,
sealed_secrets_namespace,

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (secret)](1) as clear text.
api/kubeseal_webgui_api/app_config.py
LOGGER.error(error_message)
raise RuntimeError(error_message)
with open(kubeseal_cert, "w") as file:
LOGGER.info("Saving certificate in '%s'", kubeseal_cert)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (certificate)](1) as clear text.
@FSchumacher
Copy link
Collaborator

Have you had a look at tiangolo/fastapi#1508 (comment)
I seems to me, that we could use that to add our own logger handler.

@Jaydee94
use own logger for kubeseal-webgui
c3defb9 
* Add ability to overwrite the loglevel of the api image in the helm chart
* npm audit fix
@Jaydee94
Add logging_config.yaml
473d380
@Jaydee94 Jaydee94 merged commit 97d5b01 into master Dec 17, 2022
@Jaydee94 Jaydee94 deleted the fetch-cert-startup-event branch December 17, 2022 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FSchumacher FSchumacher Awaiting requested review from FSchumacher

Assignees

@FSchumacher FSchumacher

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Jaydee94 @FSchumacher