mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
16 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
//
// * security/external_secrets_operator/index.adoc

:_mod-docs-content-type: REFERENCE
[id="external-secrets-operator-proxy-considerations_{context}"]
= Security considerations

[role="_abstract"]
When using the {external-secrets-operator}, consider the following security concerns:

* The `external-secrets` operand fetches secrets from the configured external providers and stores them in Kubernetes-native `Secret` resources. This results in a secret zero problem. It is recommended to secure the secret objects by using additional encryption. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.9/html/planning_your_deployment/security-considerations_rhodf#data-encryption-options_rhodf[Data encryption options].

* When configuring `SecretStore` and `ClusterSecretStore` resources, consider using short-term credential-based authorization. This approach enhances security by limiting the window of opportunity for unauthorized access, even if credentials are compromised.

* To enhance the security of the {external-secrets-operator}, it is crucial to implement role-based access control (RBAC). The RBAC rules should define and limit access to the custom resources provided by the {external-secrets-operator-short}.
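
The following manifests are an added example, not part of the original module, of RBAC rules that limit access to the `external-secrets.io` custom resources as the last item describes. The role names, the `team-a` namespace, and the `team-a-developers` group are assumptions chosen for illustration.

```yaml
# Added example; names, namespace and group subject are assumptions.
# Application team: manage ExternalSecret objects in one namespace and
# view, but not modify, the SecretStore objects they reference.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: eso-app-editor            # hypothetical name
  namespace: team-a               # hypothetical namespace
rules:
- apiGroups: ["external-secrets.io"]
  resources: ["externalsecrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["external-secrets.io"]
  resources: ["secretstores"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: eso-app-editor
  namespace: team-a
subjects:
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: team-a-developers         # hypothetical group
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: eso-app-editor
---
# Platform administrators: write access to the resources that hold
# provider connection and authentication settings. Bind this role
# only to the group that operates the external providers.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: eso-store-admin           # hypothetical name
rules:
- apiGroups: ["external-secrets.io"]
  resources: ["secretstores", "clustersecretstores"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```

The namespaced role grants no access to core `secrets`, so read access to the synchronized `Secret` objects must be granted separately and only to the workloads and users that need the values.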