Sensitive Mailer config settings via Kubernetes secrets #174

New Issue

Closed

opened 2021-06-11 11:37:01 +00:00 by lord-kyron · 9 comments

lord-kyron commented 2021-06-11 11:37:01 +00:00 (Migrated from gitea.com)

Copy Link

Hi again,
for the same security purposes I requested the admin username and password to be able to put in k8s secrets, now I remembered, that the SMTP (Mailer) username and password are also sensitive info and can also be put under k8s secrets.

Can you again,please, implement this change if possible?

Thank you!

Hi again, for the same security purposes I requested the admin username and password to be able to put in k8s secrets, now I remembered, that the SMTP (Mailer) username and password are also sensitive info and can also be put under k8s secrets. Can you again,please, implement this change if possible? Thank you!

👍 3

volker.raschek commented 2021-06-12 15:21:13 +00:00 (Migrated from gitea.com)

Copy Link

Not only the username and password of the mailer should be protected by a secret, the database credentials should also be secured by a secret!

Not only the username and password of the mailer should be protected by a secret, the database credentials should also be secured by a secret!

👍 2

justusbunsi commented 2021-06-12 17:37:25 +00:00 (Migrated from gitea.com)

Copy Link

Same for oauth. ?

EDIT: https://gitea.com/gitea/helm-chart/issues/242

Same for oauth. ? EDIT: https://gitea.com/gitea/helm-chart/issues/242

👍 2

lord-kyron commented 2021-06-15 07:11:38 +00:00 (Migrated from gitea.com)

Copy Link

@luhahn @lunny can youguys check this one,please ?

@luhahn @lunny can youguys check this one,please ?

luhahn commented 2021-06-19 16:26:11 +00:00 (Migrated from gitea.com)

Copy Link

I will try to implement this next week. It will be a bigger change because we will need to add env var parsing to the init container and infuse it into the app.ini

I will try to implement this next week. It will be a bigger change because we will need to add env var parsing to the init container and infuse it into the app.ini

tie commented 2021-10-30 11:33:14 +00:00 (Migrated from gitea.com)

Copy Link

Sorry to bother you guys (you're doing a fantastic job!!), but are there any news on this issue?

Sorry to bother you guys (you're doing a fantastic job!!), but are there any news on this issue?

lord-kyron commented 2021-10-30 12:44:13 +00:00 (Migrated from gitea.com)

Copy Link

Yes guys, I am still waiting for this feature to be available.

Yes guys, I am still waiting for this feature to be available.

justusbunsi commented 2021-10-30 13:08:41 +00:00 (Migrated from gitea.com)

Copy Link

@lord-kyron

Yes guys, I am still waiting for this feature to be available.

Afaik there is no progress on this issue.

We all do this in our spare time and it seems that there is not much of it in the past months. Any help (whether ideas on how to implement things or even providing PRs) is highly appreciated.

@lord-kyron >Yes guys, I am still waiting for this feature to be available. Afaik there is no progress on this issue. We all do this in our spare time and it seems that there is not much of it in the past months. Any help (whether ideas on how to implement things or even providing PRs) is highly appreciated.

justusbunsi commented 2021-11-13 11:28:47 +00:00 (Migrated from gitea.com)

Copy Link

? Gitea is smarter than me with referencing issues.

? Gitea is smarter than me with referencing issues.

justusbunsi commented 2021-11-19 23:20:53 +00:00 (Migrated from gitea.com)

Copy Link

? Don't know what I got wrong last time. Mailer config is inside app.ini. #240 will actually resolve this and even allow for more flexibility so that database credentials can be provided in a secure manner.

? Don't know what I got wrong [last time](https://gitea.com/gitea/helm-chart/pulls/240#issuecomment-690932). Mailer config _is_ inside `app.ini`. #240 will actually resolve this and even allow for more flexibility so that [database credentials](https://gitea.com/gitea/helm-chart/issues/174#issuecomment-440617) can be provided in a secure manner.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

renovate/postgresql-ha-15.x

renovate/postgresql-16.x

renovate/redis-20.x

renovate/redis-cluster-11.x

fix-674

app-ini-recreation

fix-env-to-ini

clean-app-ini

gitea-ha

v10.6.0

v10.5.0

v10.4.1

v10.4.0

v10.3.0

v10.2.0

v10.1.4

v10.1.3

v10.1.2

v10.1.1

v10.1.0

v10.0.2

v10.0.1

v10.0.0

v9.6.1

v9.6.0

v9.5.1

v9.5.0

v9.4.0

v9.3.0

v9.2.1

v9.2.0

v9.1.0

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.3.0

v8.2.0

v8.1.0

v8.0.3

v8.0.2

v8.0.1

v8.0.0

v7.0.4

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.0.5

v6.0.4

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.9

v5.0.8

v5.0.7

v5.0.6

v5.0.5

v5.0.4

v5.0.3

v5.0.2

v5.0.1

v5.0.0

v4.1.1

v4.1.0

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.0

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.11

v2.1.10

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

Labels

Clear labels

has/backport

in progress

invalid

kind/breaking

kind/bug

kind/build

kind/dependency

kind/deployment

kind/docs

kind/enhancement

kind/feature

kind/lint

kind/proposal

kind/question

kind/refactor

kind/security

kind/testing

kind/translation

kind/ui

need/backport

priority/critical

priority/low

priority/maybe

priority/medium

reviewed/duplicate

reviewed/invalid

reviewed/wontfix

skip-changelog

status/blocked

status/needs-feedback

status/needs-reviews

status/wip

upstream/gitea

upstream/other

No Label

kind/feature

kind/security

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

lunny

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lunny/helm-chart#174

No description provided.