-
|
I've noticed that secrets provided through Is it really intended for these secrets to be stored unencrypted and in plaintext in the filesystem? If so, what is the recommended approach to ensure the security of these secrets? Should additional measures be taken to restrict access to these files within the container, or are there already best practices or security mechanisms in place for this? Thank you in advance for your insights and suggestions! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Secrets by definition are only content used within the container but not committed to the container image on commit. There is no requirement that they be protected on the host system or if they should be only available to privileged processes in side of the container. |
Beta Was this translation helpful? Give feedback.
-
|
The initial process of the container if privileged could modify the file access if it wants or even remove the file before fork/exec other processes of the container. |
Beta Was this translation helpful? Give feedback.
Secrets by definition are only content used within the container but not committed to the container image on commit. There is no requirement that they be protected on the host system or if they should be only available to privileged processes in side of the container.