mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-09-19 23:19:52 +00:00
bd204d7d45
Every Ceph CLI that is invoked at present passes the key via the --key option, and hence is exposed to key being displayed on the host using a ps command or such means. This commit addresses this issue by stashing the key in a tmp file, which is again created on a tmpfs (or empty dir backed by memory). Further using such tmp files as arguments to the --keyfile option for every CLI that is invoked. This prevents the key from being visible as part of the argument list of the invoked program on the system. Fixes: #318 Signed-off-by: ShyamsundarR <srangana@redhat.com> |
||
|---|---|---|
| .. | ||
| csi-cephfsplugin-provisioner.yaml | ||
| csi-cephfsplugin.yaml | ||
| csi-config-map.yaml | ||
| csi-nodeplugin-rbac.yaml | ||
| csi-provisioner-rbac.yaml | ||