Before we get into actual production, we need to do a security pass. We've already ensured secure database connections everywhere. The next step is taking a look at what prevents other connected users from viewing secrets such as:
- root credentials
- postgres certs
Not sure if RBAC makes the most sense here... like restricting access to a specific cluster role or service account?
Needs to be reviewed (and possibly updated) for the following apps.
nextcloud
- nextcloud config
- minio tenant secret config
- postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs
zitadel
- minio tenant
- postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs
mastodon
- minio tenant secret config
- mastodon secret config
- mastodon default config configmap while we're at it
- postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs
matrix
- matrix secret config
- minio tenant secret config
- postgresql certs
- server-certs
- client-certs
- keypair-server-certs
- keypair-client-certs
bitwarden eso provider
- credentials secret
argocd
- oidc secret
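
As an added example (not part of the issue or the project's own code), one way to start the review described above is to list which subjects the existing RoleBindings in an app namespace already allow to read secrets. It assumes the input is the `items` array from `kubectl get roles,rolebindings -n <namespace> -o json`; every role, binding, subject and secret name in the sample is hypothetical, and ClusterRoleBindings are not covered.

```python
# Constructed sample shaped like the .items of
# `kubectl get roles,rolebindings -n nextcloud -o json`; every name is hypothetical.
NS = "nextcloud"
def role(name, resources, verbs, names=()):
    rule = {"apiGroups": [""], "resources": resources, "verbs": verbs, "resourceNames": list(names)}
    return {"kind": "Role", "metadata": {"name": name, "namespace": NS}, "rules": [rule]}

def binding(ref_kind, ref_name, subj_kind, subj_name):
    return {"kind": "RoleBinding", "metadata": {"name": ref_name, "namespace": NS},
            "roleRef": {"kind": ref_kind, "name": ref_name},
            "subjects": [{"kind": subj_kind, "name": subj_name}]}

SAMPLE = [
    role("app-secrets", ["secrets"], ["get"], ["nextcloud-pgsql-credentials"]),
    role("debug", ["*"], ["*"]),
    role("cm-only", ["configmaps"], ["get", "list"]),
    binding("Role", "app-secrets", "ServiceAccount", "nextcloud"),
    binding("Role", "debug", "User", "dev@example.com"),
    binding("Role", "cm-only", "ServiceAccount", "metrics"),
    binding("ClusterRole", "view-all", "Group", "viewers"),
]
READ_VERBS = {"get", "list", "watch", "*"}

def readable_secrets(role_obj):
    """Secret names a (Cluster)Role allows reading; '*' means every secret in scope."""
    names = set()
    for rule in role_obj.get("rules") or []:
        if ({"", "*"} & set(rule.get("apiGroups", []))
                and {"secrets", "*"} & set(rule.get("resources", []))
                and READ_VERBS & set(rule.get("verbs", []))):
            names.update(rule.get("resourceNames") or ["*"])
    return names

def who_can_read_secrets(items):
    """Map each subject bound by a RoleBinding to the secrets it can read."""
    roles = {(i["kind"], i["metadata"].get("namespace"), i["metadata"]["name"]): i
             for i in items if i["kind"] in ("Role", "ClusterRole")}
    found = {}
    for b in (i for i in items if i["kind"] == "RoleBinding"):
        ref, ns = b["roleRef"], b["metadata"]["namespace"]
        target = roles.get((ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"]))
        # A role missing from the input cannot be judged: flag it instead of assuming it is safe.
        names = readable_secrets(target) if target else {f"UNRESOLVED {ref['kind']}/{ref['name']}"}
        for s in (b.get("subjects") or []) if names else []:
            found.setdefault(f"{s['kind']}:{s['name']}", set()).update(names)
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    print(who_can_read_secrets(SAMPLE))
```

A `*` entry means the subject can read every secret in the namespace, including the certs and credentials listed above; an `UNRESOLVED` entry means the referenced ClusterRole has to be fetched and checked separately.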