terraform-ibm-modules/terraform-ibm-mas

Checkov: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"


Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"

FAILED for resource: Job.mas-inst1-pipelines.mas-deploy-job
File: /chart/deploy-mas/mas-deploy/templates/01-deploy-mas.yaml:95-327

Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33

This issue cannot be fixed. Please find the reason below.

The Helm chart accepts 2 secret variables (entitlement_key & authorized_entitlement) from Terraform, found in this line:

entitlement_key: {{ .Values.mas_entitlement_key }}

These secrets are important for installing MAS. Also, their values are already base64 encoded in Terraform and passed to the Helm chart. The Helm chart will store them as a k8s secret and further inject them into the pod.

Hence it is important to have the secret as environment variables in this line:

entitlement_key: {{ .Values.mas_entitlement_key }}
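
An added example, not part of the issue thread or the project's code: a simplified Python approximation of the pattern CKV_K8S_35 flags, run over two constructed Job manifests, one exposing `entitlement_key` through `secretKeyRef` and one mounting the same Secret as a file. The Secret name `example-entitlement`, the variable name `ENTITLEMENT_KEY` and the mount path are assumptions.

```python
# Simplified approximation of the pattern CKV_K8S_35 flags; not Checkov's code.
def pod_spec(manifest):
    """Return the pod spec of a Pod, Job/Deployment-style workload, or CronJob."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})

def secret_env_findings(manifest):
    """List (container, detail) pairs where a Secret reaches the process environment."""
    findings = []
    spec = pod_spec(manifest)
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        name = c.get("name", "<unnamed>")
        for env in c.get("env") or []:
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                findings.append((name, f"env {env.get('name')} <- {ref.get('name')}/{ref.get('key')}"))
        for src in c.get("envFrom") or []:
            if src.get("secretRef"):
                findings.append((name, f"envFrom <- {src['secretRef'].get('name')}"))
    return findings

# Constructed sample: Job reading the key from the environment (Secret name is hypothetical).
JOB_ENV = {"kind": "Job", "spec": {"template": {"spec": {"containers": [{
    "name": "deploy",
    "env": [{"name": "ENTITLEMENT_KEY", "valueFrom": {
        "secretKeyRef": {"name": "example-entitlement", "key": "entitlement_key"}}}],
}]}}}}

# Constructed sample: the same Secret mounted read-only as a file instead.
JOB_FILE = {"kind": "Job", "spec": {"template": {"spec": {
    "volumes": [{"name": "entitlement", "secret": {"secretName": "example-entitlement"}}],
    "containers": [{
        "name": "deploy",
        "volumeMounts": [{"name": "entitlement", "mountPath": "/etc/entitlement", "readOnly": True}],
    }],
}}}}

if __name__ == "__main__":
    for label, job in (("env", JOB_ENV), ("file", JOB_FILE)):
        print(label, secret_env_findings(job) or "no secret-as-env findings")
```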