mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-03 03:30:19 +00:00
bd204d7d45
Every Ceph CLI that is invoked at present passes the key via the --key option, and hence is exposed to key being displayed on the host using a ps command or such means. This commit addresses this issue by stashing the key in a tmp file, which is again created on a tmpfs (or empty dir backed by memory). Further using such tmp files as arguments to the --keyfile option for every CLI that is invoked. This prevents the key from being visible as part of the argument list of the invoked program on the system. Fixes: #318 Signed-off-by: ShyamsundarR <srangana@redhat.com> |
||
---|---|---|
.. | ||
_helpers.tpl | ||
csidriver-crd.yaml | ||
csiplugin-configmap.yaml | ||
nodeplugin-clusterrole.yaml | ||
nodeplugin-clusterrolebinding.yaml | ||
nodeplugin-daemonset.yaml | ||
nodeplugin-rules-clusterrole.yaml | ||
nodeplugin-serviceaccount.yaml | ||
NOTES.txt | ||
provisioner-clusterrole.yaml | ||
provisioner-clusterrolebinding.yaml | ||
provisioner-role.yaml | ||
provisioner-rolebinding.yaml | ||
provisioner-rules-clusterrole.yaml | ||
provisioner-service.yaml | ||
provisioner-serviceaccount.yaml | ||
provisioner-statefulset.yaml |