external-secrets/kubernetes-external-secrets

Ability to disable backends

gabegorelick opened this issue · 3 comments

My understanding (please correct me if I'm wrong!) is that all backends are initialized by KES, albeit they may not be usable if they're not fully configured. The backendType of the ExternalSecret resource then determines which backend to use.

```js
const data = await this._backends[spec.backendType]
  .getSecretManifestData({ spec })
```

But this means that anyone that can create an ExternalSecret can initiate API calls to services that the cluster admin may not want to authorize. For example, if you're using Vault for your secrets, but separately also have AWS Secrets Manager available via the node instance role, then anyone who can create an ExternalSecret can cause the secrets to be fetched from Secrets Manager.

Of course, the README points out that you shouldn't grant access via the node instance role, but it would still be safer if backends could be disabled to prevent this. There also may be other ways to exploit this that I haven't thought of.
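One way the requested control could look, as an added example that is not code from kubernetes-external-secrets or from the issue author: the dispatch table is built only from an operator-supplied allowlist, so an ExternalSecret naming any other `backendType` is refused before a backend call is made. The allowlist string, `buildBackends`, `fetchSecretData` and the stub backends are hypothetical names.

```javascript
// Added example; every name here is hypothetical, not the project's API.

// Stub backend that records each outbound fetch attempt in `calls`.
function makeBackend (name, calls) {
  return {
    async getSecretManifestData ({ spec }) {
      calls.push(name)
      return { [spec.data[0].name]: `value-from-${name}` }
    }
  }
}

// Build the dispatch table from the operator's allowlist only.
// Backends that are not listed are never constructed or registered.
function buildBackends (enabledCsv, factories) {
  const enabled = new Set(enabledCsv.split(',').map(s => s.trim()).filter(Boolean))
  const backends = new Map()
  for (const [name, factory] of Object.entries(factories)) {
    if (enabled.has(name)) backends.set(name, factory())
  }
  return backends
}

// Resolve the backend for one ExternalSecret spec, refusing anything not enabled.
// A Map lookup also never matches inherited keys such as "constructor".
async function fetchSecretData (backends, spec) {
  const backend = backends.get(spec.backendType)
  if (!backend) {
    throw new Error(`backendType "${spec.backendType}" is not enabled on this cluster`)
  }
  return backend.getSecretManifestData({ spec })
}

// Constructed scenario: the cluster admin enables Vault only.
async function demo () {
  const calls = []
  const factories = {
    vault: () => makeBackend('vault', calls),
    secretsManager: () => makeBackend('secretsManager', calls)
  }
  const backends = buildBackends('vault', factories)
  const data = [{ name: 'password' }]
  const ok = await fetchSecretData(backends, { backendType: 'vault', data })
  let rejected = null
  try {
    await fetchSecretData(backends, { backendType: 'secretsManager', data })
  } catch (err) { rejected = err.message }
  return { ok, rejected, calls }
}
```

Rejecting at dispatch time covers ExternalSecrets that already exist in the cluster; an admission check on `backendType` would additionally stop new ones from being created.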

https://github.com/external-secrets/external-secrets fixes this since SecretStores are configured separately from ExternalSecrets.

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.