Skip to content

Option to hide sensitive data in specific fields #5201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kvaps opened this issue Jan 6, 2021 · 2 comments
Open

Option to hide sensitive data in specific fields #5201

kvaps opened this issue Jan 6, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@kvaps
Copy link

kvaps commented Jan 6, 2021

Summary

We need an opportunity mask or hide specific fields for all resources.

Motivation

We're using qbec to generate and render kubernetes manifests from jsonnet files.
Just like ksonnet it also can add its own last-applied annotation with gziped secret encoded in base64.

while secret data is hidden, the last-applied annotation doesn't:

image

Proposal

Add configuration option into argocd configmap:

data:
  resource.customizations: |
    "*":
      maskFields:
      - field: "metadata.annotations.\"qbec.io/last-applied\""
@kvaps kvaps added the enhancement New feature or request label Jan 6, 2021
@Gallardo994
Copy link

Not sure it can cover everything you would like to "hide", but have you tried SealedSecrets? https://github.com/bitnami-labs/sealed-secrets

@kvaps
Copy link
Author

kvaps commented Jan 11, 2021

This annotation is generated automatically each time when new manifest is applied.

I mean that argocd is hiding the secrets automatically even in kubectl.kubernetes.io/last-applied-configuration annotation:

image

Which is totaly fine, but it would be more nicier to have this behavior configurable (which fields to hide from user)

@kvaps kvaps mentioned this issue Apr 8, 2021
Open
@renat1sakenov renat1sakenov mentioned this issue Jul 25, 2023
Closed
3 tasks
@crenshaw-dev crenshaw-dev changed the title Option to hide sesetive data in specific fields Option to hide sensitive data in specific fields Sep 27, 2023
@crenshaw-dev crenshaw-dev mentioned this issue Sep 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kvaps @Gallardo994