vmware-tanzu/secrets-manager issues and pull requests

#233 - website: move changelog, releases, and roadmap all the way to the bottom so that they don’t get in the way of the reader’s flow

Issue - State: closed - Opened by v0lkan about 1 year ago - 1 comment
Labels: enhancement, good first issue, feature:website

#232 - 190: Fixing sentinal and safe's identify yaml

Pull Request - State: closed - Opened by abhishek44sharma about 1 year ago
Labels: feature:helm-charts

#231 - 176: Introducing VSecM Blog page

Pull Request - State: closed - Opened by abhishek44sharma about 1 year ago - 1 comment

#230 - create a `make helm` make target

Issue - State: closed - Opened by v0lkan about 1 year ago - 1 comment
Labels: good first issue, workflow

#229 - When registering a kubernetes secret via interpolation, if the K8s secrets to modify is not there VSecM Safe logs an error (expected); VSecM Sentinel gives an OK (not exptected) — sentinel shall also err out

Issue - State: closed - Opened by v0lkan about 1 year ago - 5 comments
Labels: bug, good first issue, workshop:candidate, v0.29.0-candidate

#228 - demo: remove sentinel after you are done with it (for extra security) and add it back when you need it — it could be part of the makefile too.

Issue - State: open - Opened by v0lkan about 1 year ago
Labels: marketing, community

#227 - sentinel shall have audit logs too on standard out

Issue - State: open - Opened by v0lkan about 1 year ago - 1 comment
Labels: enhancement, good first issue, security

#226 - For template transformation, we need a “free form” format type that neither JSON nor yaml checks are done and the text is transformed as is

Issue - State: open - Opened by v0lkan about 1 year ago
Labels: enhancement, good first issue

#225 - VSecM Safe validates its SVID only at bootstrap, it might be useful if it did it at every API requrest (or response) instead.

Issue - State: closed - Opened by v0lkan about 1 year ago - 2 comments
Labels: enhancement, good first issue

#224 - demo autoscaling use case

Issue - State: open - Opened by v0lkan about 1 year ago - 1 comment
Labels: enhancement

#223 - create a demo video for helm charts

Issue - State: closed - Opened by v0lkan about 1 year ago - 1 comment
Labels: documentation, marketing, community

#222 - Use a separate VSecM Safe to store the master keys (instead of a k8s secret)

Issue - State: open - Opened by v0lkan about 1 year ago
Labels: enhancement, security

#221 - A sidecar, but isntead of mounting to a volume, it exposes an HTTP API, so that the pod’s local interface – it is local network; external pods shall not read it.

Issue - State: open - Opened by v0lkan about 1 year ago - 1 comment
Labels: enhancement

#220 - the Makefile shall honor a $VSECM_VERSION environment variable, if provided.

Issue - State: closed - Opened by v0lkan about 1 year ago - 1 comment
Labels: good first issue, workflow

#219 - A lot of (mostly) documentation changes

Pull Request - State: closed - Opened by v0lkan about 1 year ago - 2 comments
Labels: dco-required

#218 - Try updating nokogiri to a less vulnerable version

Issue - State: closed - Opened by v0lkan about 1 year ago - 1 comment
Labels: documentation, good first issue, priority:low, workflow, security

#217 - In the makefile help, instead of sayig “Istanbul”; saying “Distroless” makes more sense.

Issue - State: closed - Opened by v0lkan about 1 year ago - 5 comments
Labels: enhancement, good first issue, component:sentinel

#216 - Dependabot Alert About Active Support

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: good first issue, priority:medium, security

#204 - 197: Restructuring helm-charts to accommodate helm-chart for each release

Pull Request - State: closed - Opened by abhishek44sharma over 1 year ago

#203 - Release v0.24.0

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: workflow

#202 - Release v023.0

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: workflow

#201 - Release v0.22.0

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: workflow

#200 - We need a dedicated Inspector example pod that has an ./env binary that displays the secret bound to it in plain text without doing any weird computation

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: good first issue, workflow

#199 - Once #185 is done create a demo video about how the “manual” mode of VSecm Safe should work

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: marketing, v0.33.0-candidate

#198 - Release v0.21.0

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: @waitingfor, workflow

#196 - Write script to initialise helm chart for next release.

Issue - State: closed - Opened by abhishek44sharma over 1 year ago - 1 comment
Labels: enhancement, priority:medium, workflow, important

#191 - docs: about clusterspiffeid

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#190 - Sentinel and Safe’s Identity.yaml need stricter matchers

Issue - State: closed - Opened by v0lkan over 1 year ago - 3 comments
Labels: bug, security, important

#189 - documentation update about contributor sync

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation, marketing, community

#188 - have a binary that acts as a mini REST server for the `Fetch` SDK method

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement

#186 - Create an External SDK Developer’s Gude

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: documentation, enhancement

#185 - A binary to generate random master keys; and a script to export the existing master keys

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement, good first issue

#184 - The “lock” mode is not tested

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, coverage

#183 - update to quickstart guide

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#181 - changes to the makefile help command

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments

#180 - Scalability: have mutliple VSecM Safe instances

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, v0.33.0-candidate

#176 - create a template for the blog

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation, marketing, community, important

#175 - Fix code scanning alert - Size computation for allocation may overflow

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: bug, good first issue, security, important

#173 - doc missing link on readme: [Here is a list of step-by-step tutorials][register] covers several usage scenarios that can show you where and how VMware Secrets Manager could be used.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#172 - provide more keywords in the charts.yaml

Issue - State: closed - Opened by v0lkan over 1 year ago - 8 comments
Labels: good first issue, feature:helm-charts, marketing

#171 - artifacthub vsecm package is not signed. figure out what to do to make it signed

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: wontfix, workflow

#170 - claim repo ownership

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: workflow

#169 - address vulnerabilities that artifacthub reports

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: priority:urgent, security, compliance

#168 - create a VSecM version of this video: https://vimeo.com/v0lkan/aegis-use-cases

Issue - State: closed - Opened by v0lkan over 1 year ago - 3 comments
Labels: community

#167 - VSecM shall automatically generate secrets given a template

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, experimental

#165 - arrange a vSecM codewalk in one of the developer hours

Issue - State: open - Opened by v0lkan over 1 year ago - 3 comments
Labels: community

#164 - ability for two workloads in two different namespaces to consume the same secret

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement

#158 - nit: README shall link to maintainers.md instead of codeowners

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#155 - SPIRE v1.8.0 has been released, helm charts and manifests need to be updated and tests need to run to make sure things still work as expected

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: enhancement, good first issue, SPIRE, dependencies

#147 - Placeholder: HashiCorp Vault Integration

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, wontfix

#146 - schedule monthly developer hours

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: community

#144 - artifacthub: claim ownership: https://artifacthub.io/control-panel/repositories?page=1

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: workflow

#142 - doc update: The project MUST clearly show or document how to run the test suite(s) (e.g., via a continuous integration (CI) script or via documentation in files such as BUILD.md, README.md, or CONTRIBUTING.md)

Issue - State: open - Opened by v0lkan over 1 year ago - 3 comments
Labels: documentation

#141 - update docs: The project's initial response time for any vulnerability report received in the last 6 months MUST be less than or equal to 14 days

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#140 - create a self-security assesment

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: documentation, security, v0.38.0-candidate

#139 - add to documentation about how one can verify the signatures of docker images and also published code releases

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#138 - The project MUST have a formal written policy that as major new functionality is added, tests for the new functionality MUST be added to an automated test suite.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#135 - documentation: add instructions to uninstall

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#134 - add badgest to readme and also to the docs index page

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: documentation, workflow

#133 - Create a separate "security requirements" documentation page

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: documentation

#132 - The project MUST clearly define and document its project governance model (the way it makes decisions, including key roles).

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#130 - The project MUST have FLOSS automated test suite(s) that provide at least 90% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language.

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: workflow, v0.35.0-candidate

#129 - The project MUST document its code review requirements, including how code review is conducted, what must be checked, and what is required to be acceptable.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#128 - The project MUST clearly identify small tasks that can be performed by new or casual contributors. - also update the documentation about how people can find these tasks

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: documentation

#127 - Stability: VSecM must have at least two unassociated significant contributors

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: workflow

#126 - Stability: VSecM MUST have at least a bus factor of 2

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: workflow, security, important

#125 - Bootstrap log should summarize which env vars are being used, what features are enabled, which version the binary is etc

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement, good first issue

#124 - demo: Secretless Aegis Safe

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, security, important, v0.33.0-candidate

#122 - configuration docs update

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#121 - helm chart documentaiton should include instructions to how to configure various components too: https://vmware-tanzu.github.io/secrets-manager/

Issue - State: closed - Opened by v0lkan over 1 year ago - 3 comments
Labels: documentation, feature:helm-charts

#120 - have an option to deploy things without SPIRE (assuming that you have a SPIRE agent that you can already talk to)

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, important

#119 - consider using helm everywhere

Issue - State: closed - Opened by v0lkan over 1 year ago - 2 comments
Labels: @waitingfor, needs-clarification

#116 - Create a controller to sync Aegis state to k8s secrets that it interpolates

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement, v0.38.0-candidate

#115 - doc update: backups

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#114 - add hashes to log lines to prevent tampering

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, security, v0.33.0-candidate

#112 - create a vsecm-inspector deployment to indirectly inspect the workloads (during demos and tests)

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement, good first issue

#110 - create new use-case videos that mimic old use-case videos but use vsecm instead.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation, enhancement, community

#107 - Get an OpenSSF best practices badge https://bestpractices.coreinfrastructure.org/en

Issue - State: open - Opened by v0lkan over 1 year ago - 2 comments
Labels: enhancement, security, openssf

#105 - use slackin to create a slack registration page

Issue - State: closed - Opened by v0lkan over 1 year ago - 3 comments
Labels: marketing, community

#102 - bug: when adding a new secret, the transformation applies to all the secrets instead of the just newly-added secret; it should not.

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: bug, good first issue, priority:medium, workshop:candidate, v0.28.0-candidate, @watch

#100 - Use a machine-readable format for logs

Issue - State: open - Opened by v0lkan over 1 year ago - 2 comments
Labels: documentation, enhancement, good first issue, quality, feature:logging

#99 - ability to configure the audit target

Issue - State: open - Opened by v0lkan over 1 year ago
Labels: enhancement, v0.38.0-candidate

#97 - documentation update: governance model, developer hours, project cadence and release timeline

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation, enhancement

#95 - Create a ClusterVSecMID Custom resource

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, wontfix

#94 - Controller to reject vsecm-managed SVIDs that don't conform a certain template

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, wontfix

#93 - try multi-cluster federation: separate clusters should be able to use VSecM as their source of truth.#267 Item statusOpen v0lkan opened now Description v0lkan now I’m not sure if this is really necessary because it’s often better to keep secrets sources closer to secret consumers (i.e. everything within the same cluster); but there might be use cases that require this, so it’s worth at least to think about that and come up with a stable-enough use case.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement

#92 - use AWS KMS as an alternate backup store (it will act like the file system store that we back up secrets, without the versioning support) — safe would be able to back up secrets to both of the store simultaneously — when looking for secrets first fs store will be checked, and if no secret found there, then kms will be checked

Issue - State: open - Opened by v0lkan over 1 year ago - 1 comment
Labels: enhancement, v0.36.0-candidate

#90 - doc update: The project MUST have a general policy (formal or not) that as major new functionality is added to the software produced by the project, tests of that functionality should be added to an automated test suite.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#89 - Add to docs: we generate all cryptographic keys and nonces using secure random generators (and if we don’t then we need to file a bug for that too)

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

#88 - There MUST be no unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days.

Issue - State: closed - Opened by v0lkan over 1 year ago - 3 comments
Labels: documentation

#87 - add to docs: we fix all critical vulnerabilities rapidly after they are reported.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation, duplicate

#85 - have static code analysis run on the codebase

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: workflow

#84 - add to related security documentation: All medium and higher severity exploitable vulnerabilities discovered with dynamic code analysis MUST be fixed in a timely way after they are confirmed.

Issue - State: closed - Opened by v0lkan over 1 year ago - 1 comment
Labels: documentation

GitHub / vmware-tanzu/secrets-manager issues and pull requests