Secrets As Environment Variables
- Query id: 3d658f8b-d988-41a0-a841-40043121de1e
- Query name: Secrets As Environment Variables
- Platform: Kubernetes
- Severity: Low
- Category: Secret Management
- URL: Github
Description¶
Container should not use secrets as environment variables
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
---
apiVersion: v1
kind: Pod
metadata:
name: envfrom-secret
spec:
containers:
- name: envars-test-container
image: nginx
envFrom:
- secretRef:
name: test-secret