Ma77Ball commented on code in PR #5757:
URL: https://github.com/apache/texera/pull/5757#discussion_r3454938999
##########
bin/k8s/values-development.yaml:
##########
@@ -352,6 +352,9 @@ texeraEnvVars:
value: ""
- name: USER_SYS_DOMAIN
value: ""
+ - name: AUTH_JWT_SECRET
+ # Development-only default (256-bit HS256 secret). Production environments
MUST override this with a different, securely generated secret.
+ value: "a7f3c8e9b14d2e6f5a0b9c3d8e1f4a6b2c5d7e9f0a3b6c8d1e4f7a9b2c5d8e1f"
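Review bot: the added `AUTH_JWT_SECRET` entry sets the signing key as an inline `value:` literal, and the "MUST override" requirement exists only as a YAML comment, so nothing stops this default from being deployed unchanged. Consider leaving the value empty, as the `USER_SYS_DOMAIN` entry just above does, and having the chart fail rendering when it is unset, or sourcing the variable from a Kubernetes Secret instead of a plain env value so the key does not sit in the values file and the rendered manifest.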
Review Comment:
Non-blocking, and not introduced by this PR (it mirrors the same value
already committed in `values.yaml`): this hardcodes a real 256-bit HS256
signing key in the chart. Anyone who deploys the development profile gets a
publicly known JWT signing secret, so tokens can be forged on any such cluster.
The inline comment helps, but a footgun remains if a dev profile is ever
exposed.
Worth a follow-up (chart-wide, not just this file): generate the dev default
at install time and persist it, e.g. a Secret template using `lookup` +
`randAlphaNum 64`, instead of a committed literal. Flagging here since this is
the line that propagates the literal into the dev overlay.
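The follow-up suggested in the review comment (`lookup` + `randAlphaNum 64`), written as a Helm template. This is an added example, not code from the PR or the Texera chart; the file path, Secret name and key name are assumptions.

```yaml
{{- /* templates/auth-jwt-secret.yaml (hypothetical path; Secret and key names are assumptions) */ -}}
{{- $name := printf "%s-auth-jwt" .Release.Name -}}
{{- $key := "jwt-secret" -}}
{{- /* Default: a fresh 64-character alphanumeric value, generated for this release. */ -}}
{{- $value := randAlphaNum 64 | b64enc -}}
{{- /* lookup returns an empty map when the Secret does not exist yet. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
{{- if $existing -}}
  {{- /* Upgrade: reuse the stored value (already base64) so issued tokens stay valid. */ -}}
  {{- with index $existing.data $key -}}
    {{- $value = . -}}
  {{- end -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  annotations:
    # Keep the Secret on `helm uninstall` so a reinstall does not rotate the key.
    "helm.sh/resource-policy": keep
type: Opaque
data:
  {{ $key }}: {{ $value | quote }}
# Container env entry consuming it (where this sits in the chart is an assumption):
#   - name: AUTH_JWT_SECRET
#     valueFrom:
#       secretKeyRef:
#         name: <release-name>-auth-jwt
#         key: jwt-secret
```

`lookup` also returns an empty map under `helm template` and client-side `--dry-run`, so renderers without cluster access produce a new value on every render and would rotate the key on each sync.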