Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check for newline in referenced secrets values #874

Open
wasaga opened this issue Jan 12, 2024 · 0 comments
Open

check for newline in referenced secrets values #874

wasaga opened this issue Jan 12, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@wasaga
Copy link
Collaborator

wasaga commented Jan 12, 2024

it is customary to generate kubernetes secrets based on the contents of the files. However if you occasionally do a newline there, the newline would get persisted inside a parameter (that's also b64 encrypted), and it's very hard to spot.

I've seen it happening multiple times during support calls; i.e. the error from IdP (referenced in https://github.com/pomerium/internal/issues/1676) is rather cryptic as you seem to do everything right.

We probably should check for a newline everywhere we pull from secrets, and at least put an explicit warning to log files and /status of the CRD/Ingress.

Kubernetes secret generator footgun

Originally posted by @wasaga in https://github.com/pomerium/internal/issues/1676#issuecomment-1889496740
@wasaga wasaga added the enhancement New feature or request label Jan 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wasaga