Arnold Galovics created FINERACT-2118:
-----------------------------------------
Summary: S3 Content Repository credentials security
Key: FINERACT-2118
URL: https://issues.apache.org/jira/browse/FINERACT-2118
Project: Apache Fineract
Issue Type: Bug
Affects Versions: 1.9.0
Reporter: Arnold Galovics
When the Content Repository in Fineract - which stores the pictures of clients,
workbook imports, etc - is used in conjunction with AWS S3 integration, it
actually suffers from 2 huge problems:
# The AWS access and secret keys should be passed as environment variables
explicitly to the applications. This results in a huge security problem of
exposing the AWS credentials directly.
# The S3 integration for the Content Repository is NOT using the default AWS
credential chain, therefore you cannot use EC2 Instance Profiles, you cannot
use Service Accounts on K8S to grant access to the S3 bucket which stores the
contents. The only way to configure it is through the access key and secret key
environment variables.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
