Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 github-actions[bot]
|
1869941e13 |
@@ -16,5 +16,3 @@ jobs:
|
|||||||
dual-approval:
|
dual-approval:
|
||||||
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
||||||
secrets: inherit
|
secrets: inherit
|
||||||
with:
|
|
||||||
pr_number: ${{ github.event.pull_request.number }}
|
|
||||||
|
|||||||
@@ -151,7 +151,7 @@ Plaintext values never leave your browser.
|
|||||||
| Network sniffing | No plaintext on network | ✅ Protected |
|
| Network sniffing | No plaintext on network | ✅ Protected |
|
||||||
| Compromised proxy | Only sees encrypted data | ✅ Protected |
|
| Compromised proxy | Only sees encrypted data | ✅ Protected |
|
||||||
| Browser XSS | Headlamp CSP policies | ⚠️ Standard web security |
|
| Browser XSS | Headlamp CSP policies | ⚠️ Standard web security |
|
||||||
| Supply chain | Package locks, Renovate | ⚠️ Ongoing monitoring |
|
| Supply chain | Package locks, dependabot | ⚠️ Ongoing monitoring |
|
||||||
|
|
||||||
See: [ADR 003: Client-Side Encryption](docs/architecture/adr/003-client-side-crypto.md)
|
See: [ADR 003: Client-Side Encryption](docs/architecture/adr/003-client-side-crypto.md)
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -70,7 +70,7 @@ Key dependencies with security implications:
|
|||||||
- **node-forge**: Used for client-side encryption of secret values with the cluster's sealing certificate. Keep this dependency up to date.
|
- **node-forge**: Used for client-side encryption of secret values with the cluster's sealing certificate. Keep this dependency up to date.
|
||||||
- **@kinvolk/headlamp-plugin**: Peer dependency providing the Kubernetes API proxy. Update by upgrading your Headlamp installation.
|
- **@kinvolk/headlamp-plugin**: Peer dependency providing the Kubernetes API proxy. Update by upgrading your Headlamp installation.
|
||||||
|
|
||||||
The project uses `npm audit` and Renovate to monitor for known vulnerabilities.
|
The project uses `npm audit` and Dependabot to monitor for known vulnerabilities.
|
||||||
|
|
||||||
## Contact
|
## Contact
|
||||||
|
|
||||||
|
|||||||
+3
-3
@@ -1,6 +1,6 @@
|
|||||||
# Artifact Hub package metadata file
|
# Artifact Hub package metadata file
|
||||||
# https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
|
# https://github.com/artifacthub/hub/blob/master/docs/metadata/artifacthub-pkg.yml
|
||||||
version: "1.0.2"
|
version: "1.0.1"
|
||||||
name: headlamp-sealed-secrets
|
name: headlamp-sealed-secrets
|
||||||
displayName: Sealed Secrets
|
displayName: Sealed Secrets
|
||||||
createdAt: "2026-02-12T00:00:00Z"
|
createdAt: "2026-02-12T00:00:00Z"
|
||||||
@@ -19,8 +19,8 @@ keywords:
|
|||||||
- encryption
|
- encryption
|
||||||
- security
|
- security
|
||||||
annotations:
|
annotations:
|
||||||
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.2/sealed-secrets-1.0.2.tar.gz"
|
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-sealed-secrets-plugin/releases/download/v1.0.1/sealed-secrets-1.0.1.tar.gz"
|
||||||
headlamp/plugin/archive-checksum: sha256:0eaf34d380d133120d3a50c890e0c96b23717427887b1f23377a841cb3783b11
|
headlamp/plugin/archive-checksum: sha256:a7935aac260dd08d1363321e8d2320d9f9feee74e47bf51d95a6df4bd33f7f16
|
||||||
headlamp/plugin/version-compat: ">=0.13.0"
|
headlamp/plugin/version-compat: ">=0.13.0"
|
||||||
headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
|
headlamp/plugin/distro-compat: "desktop,in-cluster,web,docker-desktop"
|
||||||
links:
|
links:
|
||||||
|
|||||||
@@ -349,7 +349,7 @@ Added type safety:
|
|||||||
|
|
||||||
**Supply Chain**:
|
**Supply Chain**:
|
||||||
- Risk: Compromised node-forge dependency
|
- Risk: Compromised node-forge dependency
|
||||||
- Mitigation: Package lock, Renovate, regular audits
|
- Mitigation: Package lock, dependabot, regular audits
|
||||||
- Same risk as any JavaScript dependency
|
- Same risk as any JavaScript dependency
|
||||||
|
|
||||||
**Browser Extensions**:
|
**Browser Extensions**:
|
||||||
|
|||||||
+2
-5
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "sealed-secrets",
|
"name": "sealed-secrets",
|
||||||
"version": "1.0.2",
|
"version": "1.0.1",
|
||||||
"description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
|
"description": "Headlamp plugin for Bitnami Sealed Secrets - manage encrypted Kubernetes secrets",
|
||||||
"files": [
|
"files": [
|
||||||
"dist",
|
"dist",
|
||||||
@@ -51,10 +51,7 @@
|
|||||||
],
|
],
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3",
|
"undici": "^7.24.3"
|
||||||
"vite": ">=6.4.2",
|
|
||||||
"lodash": ">=4.18.0",
|
|
||||||
"elliptic": ">=6.6.1"
|
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"node-forge": "^1.4.0"
|
"node-forge": "^1.4.0"
|
||||||
|
|||||||
Generated
+750
-1164
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user