Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Cloud Security] Updating the CSPM integration with deployment_mode and secrets #11271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 7, 2024
Merged

[Cloud Security] Updating the CSPM integration with deployment_mode and secrets #11271

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
95c248e
Updating the CSPM integration with deployment_mode and secrets
seanrathier Sep 27, 2024
01fbfe3
buming version
seanrathier Oct 1, 2024
3de17ca
changelog
seanrathier Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/cloud_security_posture/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@
# 1.4.x - 8.9.x
# 1.3.x - 8.8.x
# 1.2.x - 8.7.x
- version: "1.11.0-preview10"
changes:
- description: Adding deployment_modes to cspm policy template and secret field linting checks
type: enhancement
link: https://github.com/elastic/integrations/pull/11271
- version: "1.11.0-preview09"
changes:
- description: Bump package to include new kibana condition
Expand Down
4 changes: 4 additions & 0 deletions packages/cloud_security_posture/data_stream/findings/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ streams:
multi: false
required: false
show_user: true
secret: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any security concern regards adding secret as false?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/elastic/integrations/pull/11271/files#r1784954363

- name: secret_access_key
type: password
title: Secret Access Key
Expand All @@ -55,6 +56,7 @@ streams:
multi: false
required: false
show_user: true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should secret access key be true? We don't want to expose secret?

secret: false
- name: shared_credential_file
type: text
title: Shared Credential File
Expand Down Expand Up @@ -100,6 +102,7 @@ streams:
multi: false
required: false
show_user: true
secret: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should shared credentials file secret be true?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/elastic/integrations/pull/11271/files#r1784954363

- name: secret_access_key
type: password
title: Secret Access Key
Expand All @@ -113,6 +116,7 @@ streams:
multi: false
required: false
show_user: true
secret: false
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye Oct 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should secret access key be true? Security concern regards of exposing secret access keys

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The lint for the integration identified these fields as needing the secret attributes, likely because they have the name access_key and session_key.

Since we already have other fields with the secret attribute set to true, I assumed these were not meant to be masked like a password.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay got it! Thanks!

- name: shared_credential_file
type: text
title: Shared Credential File
Expand Down
9 changes: 7 additions & 2 deletions packages/cloud_security_posture/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 3.0.0
format_version: 3.2.2
name: cloud_security_posture
title: "Security Posture Management"
version: "1.11.0-preview09"
version: "1.11.0-preview10"
source:
license: "Elastic-2.0"
description: "Identify & remediate configuration risks in your Cloud infrastructure"
Expand Down Expand Up @@ -102,6 +102,11 @@ policy_templates:
type: image/svg+xml
data_streams:
- findings
deployment_modes:
default:
enabled: true
agentless:
enabled: true
inputs:
- type: cloudbeat/cis_aws
title: Amazon Web Services
Expand Down