SECURITY: allow to protect KUBECONFIG
Release notes
Problem to solve
KUBECONFIG
contains secrets resp. can be used to extract them. E.g.
job:
environment:
name: production
script:
- kubectl describe secrets
will reveal secrets used by pods of the "production" environment.
As environments itself can not be protected in -ce, please add a way to protect the kubernetes related variables there.
Intended users
User experience goal
Proposal
Allow to enable kubernetes integration only for protected branches.
Further details
Permissions and Security
-
Add expected impact to Owner (50) members
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
core