Ensure that the secrets are injected at runtime

Description

Secrets are injected at runtime, such as environment variables or as a file (eg: use Github Secrets)

Dashboard Inclusion

We use the column has_injectedSecretsAtRuntime_policy from the table projects to calculate the status, this column is populated using the bulk importer. More information

Details

• Default Category: service authentication
• Default Priority Group: P2
• Implementation Details: It is manual (details).
• C-SCRM: true
• Mitre: CWE-538
• Sources: CNCF CNSWP 2.0 #195
• How To: Github Docs