[Feature] Eliminate GCP key from chart #2767
Comments
+1 here - this would also make our static code analysis tooling much happier, not having this
This issue depends on opencost/opencost#2311 before it can be implemented. Would likely require other chart-level changes as well.
As a note, this would increase install friction since users would get default costs unless they add their key in to get public pricing for gcp nodes.
This issue has been marked as stale because it has been open for 360 days with no activity. Please remove the stale label or comment or this issue will be closed in 5 days.
This issue was closed because it has been inactive for 365 days with no activity.
Problem Statement
The environment variable CLOUD_PROVIDER_API_KEY is present by default in the chart with a Kubecost-provided, hard-coded value. This is to increase user time-to-value and provide less work for them. However, this goes against basic security practices and as a result is being flagged and alerted on by various linters and scanners in CI. Defining sensitive information such as passwords, keys, and API tokens, even if deemed "safe" for public consumption, should be avoided.
Solution Description
Eliminate the hard-coded CLOUD_PROVIDER_API_KEY value and template allowing users to bring their own. Provide documentation instructing users on how to create a key with the required permissions.
Alternatives
No response
Additional Context
No response
Troubleshooting
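One way the change requested under Solution Description could look in a Helm chart, as an added example that is not the project's own chart code. The values keys (cloudProviderApiKey.existingSecret, cloudProviderApiKey.secretKey) and the Secret name gcp-pricing-key are hypothetical, and the "before" value is a placeholder.

```yaml
# --- Before: the pattern the issue describes (placeholder, not a real key) ---
# env:
#   - name: CLOUD_PROVIDER_API_KEY
#     value: "<HARD_CODED_KEY>"   # literal ends up in the chart and in every
#                                 # rendered manifest, which is what scanners flag

# --- values.yaml (hypothetical keys, assumed for this example) ---
cloudProviderApiKey:
  # Name of a Secret the user created beforehand, for example:
  #   kubectl create secret generic gcp-pricing-key \
  #     --from-literal=api-key=<YOUR_KEY>
  existingSecret: ""
  # Key inside that Secret which holds the API key
  secretKey: api-key

# --- Deployment template fragment (container env list) ---
env:
  # ... the container's other env entries stay as they are ...
  {{- with .Values.cloudProviderApiKey }}
  {{- if .existingSecret }}
  - name: CLOUD_PROVIDER_API_KEY
    valueFrom:
      secretKeyRef:
        name: {{ .existingSecret | quote }}
        key: {{ .secretKey | default "api-key" | quote }}
  {{- end }}
  {{- end }}
  # When existingSecret is empty the variable is not rendered at all, so no
  # key material is present in the chart, the values file or the manifest.
```

With no Secret configured, the trade-off raised in the comments applies: GCP nodes get default costs until the user supplies their own key.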