Do a command injection via vault template
commjoen opened this issue · comments
Have a script that has a secret echoed in ******
after the vault injection, which with template injection can be uncovered.
@commjoen Hi, I would like to work on this challenge, can you assign it to me?
@commjoen Is it good to echo the secret at the Vault path secret/secret-challenge vaultpassword after creating it in k8s-vault-minkube-start.sh script at line 82 as the first part of this issue?
@nwolniak the sidecar which can get a secret using a vault template should echo it (as in the secret should be "echo 'random secret'" so that you can read it from the logging of the sidecar. https://developer.hashicorp.com/vault/docs/platform/k8s/injector