You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The set up procedure says that I can share this kubeconfig with my team, and it works fine with rolebindings as it is supposed.
I have set scopes only for openid, profile, email:
My question is how secure is it to share this kubeconfig file that includes the oidc-client-id and oidc-client-secret. If the secret gets compromised (e.g.: pushed to a public repo ) can it be used to do harm in any way?
Thank you!
Your environment
OS: ubuntu
kubelogin version: v1.28.0
kubectl version: v1.26.3
OpenID Connect provider: gitlab (self hosted)
The text was updated successfully, but these errors were encountered:
If you commit that to a repo then the client essentially becomes a public client. In these cases, where the secret cannot be safely protected you should use --oidc-use-pkce. It should be fine.
Describe the question
I have set up kubelogin with (onprem) gitlab, all is working fine, I get this in my kubeconfig.yaml:
The set up procedure says that I can share this kubeconfig with my team, and it works fine with rolebindings as it is supposed.
I have set scopes only for openid, profile, email:
My question is how secure is it to share this kubeconfig file that includes the
oidc-client-id
andoidc-client-secret
. If the secret gets compromised (e.g.: pushed to a public repo ) can it be used to do harm in any way?Thank you!
Your environment
The text was updated successfully, but these errors were encountered: