[FEATURE]: CSM Authorization encryption for secrets in K3S #774
Assignees
Labels
area/csm-authorization
Issue pertains to the CSM Authorization module
type/feature
A feature. This label is applied to a feature issues.
Milestone
Comments
bharathsreekanth
added
the
type/feature-request
This was referenced Apr 24, 2023
shaynafinocchiaro
added
type/feature
shaynafinocchiaro
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the solution you'd like
Secrets need to be encrypted in CSM authorization proxy environment. Currently, secrets are not stored encrypted and it is a security risk that was made aware by several users. The authorization proxy currently uses K3S based solution, so this ask is for secrets to be encrypted in K3S.
Describe alternatives you've considered
Alternate solution is to make this defacto when Authorization proxy has been rearchitected.
Additional context
Reading through the documentation it appears that K3S only supports AES-CBC keys for encryption by default
Excerpts from the K3S doc:
Key Type: All keys using this tool are AES-CBC type. See more info here.
The text was updated successfully, but these errors were encountered: