vmware-tanzu/secrets-manager
VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict. See more: https://vsecm.com/
Go, BSD-2-Clause
Pinned issues
Issues
Increase Unit Test Coverage to 50% Across all GoLang Files Throughout the Project
#1100 opened by v0lkan - 0
VSecM Keystone should bail out and crash if it cannot initialize in timely manner.
#1115 opened by v0lkan - 0
Optimize Landing Page’s CSS for Production
#1113 opened by v0lkan - 0
have a /purge API to remove orphaned secret backups in VSecM Safe's persistent volume.
#1111 opened by v0lkan - 0
(chore) Update Roadmap: The roadmap is a bit lagging and does not reflect the current priorities
#1110 opened by v0lkan - 0
(feat) Audit logging and log streaming
#1109 opened by v0lkan - 0
(feat) Ensure that Java SDK is functional
#1108 opened by v0lkan - 0
(feat) Rate Limiting
#1107 opened by v0lkan - 0
(feat) Use Different Root Keys Provided by External Users
#1106 opened by v0lkan - 0
(feat) Hierarchical Secrets Management
#1105 opened by v0lkan - 0
(feat) ACL For Secret Access
#1103 opened by v0lkan - 0
(feat) Storing Thousands of Large (Kubeconfig) Files
#1102 opened by v0lkan - 0
(feat) an operator shall be able to retrieve a secret in encrypted form with their own public key
#1104 opened by v0lkan - 0
safe should use logsecretfingerprints env variable too.
#1019 opened by v0lkan - 0
SDK shall use older (yet still safer) GoLang version for the widest compatibility.
#1075 opened by v0lkan - 0
Ensure that VSecM can be installed on OpenShift and the installation passes the integration and unit tests (i.e. it works)
#1028 opened by v0lkan - 0
integration tests iteration three: similar to iteration two, but disable clusterspiffeid and spire controller manager; have a script to register entries manually.
#999 opened by v0lkan - 2
integration tests iteration two: different namespaces, istio-like clusterspiffeids; test passes if the system can successfully set and retrieve a secret, nothing complicated
#998 opened by v0lkan - 1
A Secret Reconciler for CertManager
#1078 opened by v0lkan - 0
implement missing stores
#1029 opened by v0lkan - 1
use a daemonset for spiffe CSI driver
#1037 opened by v0lkan - 2
cross-check helm-charts-hardened with VSecM helm charts (generate yamls and compare both) for openshift and non-openshift
#997 opened by v0lkan - 0
release v0.39.0
#1038 opened by v0lkan - 0
integration test for in-memory-only persistence
#1031 opened by v0lkan - 0
implement missing persistence modes
#1030 opened by v0lkan - 1
Add annotation to K8s secrets created by VSecM
#957 opened by BulldromeQ - 1
volkan: update the roadmap
#1013 opened by v0lkan - 1
no need to dump all env vars — `k describe po $podname` already provides env var names. -- just display a select few ones and that would be good enough.
#1017 opened by v0lkan - 0
app.kubernetes.io/managed-by=<operator-name> in the secret to indicate which operator manages it.
#995 opened by v0lkan - 2
during `make deploy` define clusterspiffeids only after SPIRE has properly reconciled. — this can be done maybe adding some optional wait time after SPIRE has been deployed. — especially useful for multi-node test setups where things might take a bit extra to reconcile.
#982 opened by v0lkan - 1
make sure all env vars are documented in inline comments, helm charts, and also on the “configuration” section of the website.
#989 opened by v0lkan - 2
let spire-server and the rest of the spire be in two separate namespaces for security (that’s how helm-charts-hardened does it)
#977 opened by v0lkan - 1
helm charts: ability to not create initial clusterspiffeids (because some other process is creating those); also ability to not use SpireControllerManager at all (both of these will be optional)
#987 opened by v0lkan - 1
use helm docs
#986 opened by v0lkan - 2
ability to use istio-compatible SPIFFE IDs ( spiffe://vsecm.com/ns/vsecm-system/sa/vsecm-safe for safe, for example)
#975 opened by v0lkan - 2
ability to use VSecM without relying on ClusterSPIFFEIds (i.e. without SpireControllerManager)
#976 opened by v0lkan - 0
Quickstart issues
#983 opened by LuanaMartelli - 1
volkan: address `TODO:` comments in the source code.
#961 opened by v0lkan - 1
upgrade to go1.22.3 (there are certain minor vulns in go core that this upgrade fixes)
#962 opened by v0lkan - 2
VSecM shall be able to be deployed to namespaces other than vsecm-system and spire-system
#950 opened by v0lkan - 1