[FEATURE REQUEST] pillar protection from being exposed via salt-call #67080
Comments
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If someone has root on a minion, they can read everything on the minion. That includes pillar data in the memory of the salt-minion process. Preventing them from using The only solutions are:
@OrangeDog
Should a person with root rights on a VM see the secrets of specific applications?
There is masking if you use A person with root rights on a VM can see all secrets on that VM (regardless of whether Salt is involved). If you think they should not, then you need to not give them root rights.
"Complex permission system" is just a way of saying it is badly designed. People have too much control over systems they shouldn't have any kind of access to. If they shouldn't have access to the pillar data, they shouldn't have access to salt-call. Period. There is way more security at stake than just what they can read in pillars if they can access salt-call. Such as: oh, I can't read the password in pillar, but hey, I can change the password in the app because salt can access pillar, and it can change that password. Or, hey, I don't need access to the password because salt-call knows it and can pull the information directly. Obfuscating pillar is about as useful as putting a band-aid on a severed arm.
Is your feature request related to a problem? Please describe.
When using pillars propagated to minions, it is necessary to restrict access to them via a salt-call on the host. This is necessary if an organisation has a complex permission system and, for example, the host administrator should not have access to sensitive data propagated through pillars.
Describe the solution you'd like
Add an option to the pillar sls file that will protect variables from being exposed via salt-call. In this case the command "salt-call pillar.items" shows only pillars that don't have this option.