jekader opened a new issue, #329:
URL: https://github.com/apache/incubator-devlake-helm-chart/issues/329

   This helm chart currently deploys a very insecure devlake instance by 
default: authentication for the UI is disabled, DB passwords are hardcoded 
while the user is asked to generate the cumbersome encryption key manually 
which is exported as an env var and lost immediately anyways.
   
   This makes the setup quite vulnerable, so I propose populating all access 
credentials with random values if they are not explicitly set and have the user 
retrieve them from the created secret objects if needed. This is already the 
workflow for Grafana and works just fine.
   
   Specifically:
   | Value | Current default | Proposed default |
   | --- | --- | --- |
   | `lake.encryptionSecret.secret` | manually provided by user | random |
   | `mysql.username` | merico | random |
   | `mysql.password` | merico | random |
   | `ui.basicAuth.enabled` | false | true |
   | `ui.basicAuth.password` | - | random |
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@devlake.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
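
One way the proposal in the issue above could be templated, as an added example that is not code from the chart or from the issue author: a Helm template that fills each unset credential with a random value and reuses the stored value on upgrade, so the credentials do not rotate on every `helm upgrade`. The file name, Secret name, key names and the 32-character length are assumptions; the `.Values` paths are the ones listed in the issue.

```yaml
{{- /*
  Added example: hypothetical templates/credentials-secret.yaml.
  Secret name, key names and length 32 are assumptions, not the chart's own.
  The .Values paths are assumed to exist (possibly empty) in values.yaml.
*/ -}}
{{- $name := printf "%s-credentials" .Release.Name -}}
{{- /* lookup returns an empty map when the Secret does not exist yet. */ -}}
{{- $stored := (lookup "v1" "Secret" .Release.Namespace $name).data | default dict -}}
{{- $wanted := dict "ENCRYPTION_SECRET" .Values.lake.encryptionSecret.secret "MYSQL_USER" .Values.mysql.username "MYSQL_PASSWORD" .Values.mysql.password "UI_BASIC_AUTH_PASSWORD" .Values.ui.basicAuth.password -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
  namespace: {{ .Release.Namespace }}
type: Opaque
data:
{{- range $key, $explicit := $wanted }}
  {{- /* Precedence: explicit value > value already in the cluster > new random value. */}}
  {{ $key }}: {{ $explicit | default (get $stored $key | b64dec) | default (randAlphaNum 32) | b64enc | quote }}
{{- end }}
```

`lookup` returns nothing when the chart is rendered without cluster access (`helm template`, `--dry-run`), so such renders show fresh random values on every run and tools that render client-side would rotate the credentials unless explicit values are set.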
