Skip to content

Commit

Permalink
fix: avoid decoding plain text password when database secret exists
Browse files Browse the repository at this point in the history 
Signed-off-by: Emanuele Barsanti <[email protected]>
  • Loading branch information
@barsa-net
barsa-net authored and Shengwen Yu committed Jan 15, 2024
1 parent 7f748f8 commit 7b91c25
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ app: "{{ template "harbor.name" . }}"
{{- if eq .Values.database.type "internal" -}}
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.database" .) -}}
{{- if and (not (empty $existingSecret)) (hasKey $existingSecret.data "POSTGRES_PASSWORD") -}}
{{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD") | b64dec -}}
{{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD" | b64dec) -}}
{{- else -}}
{{- .Values.database.internal.password -}}
{{- end -}}
Expand Down

1 comment on commit 7b91c25

@sharkymcdongles
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fixed here on the tag 1.14.0, but the chart zip stored in the helm repo is still broken for 1.14.0. I would suggest pushing out a 1.14.1 just to be clear about the fix.

@barsa-net @zyyw

Please sign in to comment.