Using ConfigMaps for credentials is an anti-pattern.

Question

Using ConfigMaps for credentials is an anti-pattern.

roncemer opened this issue 2 years ago · comments

You shouldn't be posting examples publicly of putting secrets in a ConfigMap. You're supposed to use a Kubernetes Secret for anything which should be kept secret. By showing an example of using a ConfigMap containing API keys, you're teaching people to deploy on K8s in an incredibly insecure way. You should re-work this, and your original article, to use secrets instead. Additionally, secret credentials should never be checked into a git repository or included in any source code. They can be kept separately in encrypted password storage, such as Keeper or even a password-protected keyring. There are also services which are designed specifically for keeping corporate credentials secure. You shouldn't be posting examples online of mis-handling credentials by carelessly putting them into a ConfigMap.

man from earth · Answer 1 · Sun Oct 23 2022 05:26:29 GMT+0800 (China Standard Time)

?!?!

I do not use a ConfigMap. I use a secret

man from earth · Answer 2 · Sun Oct 23 2022 05:27:16 GMT+0800 (China Standard Time)

https://github.com/freegroup/kube-s3/blob/master/yaml/secret.yaml