You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/datagatherers/k8s-dynamic.md
+2-10Lines changed: 2 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -77,14 +77,6 @@ Secrets can be gathered using the following config:
77
77
resource: secrets
78
78
```
79
79
80
-
Before Secrets are sent to the Preflight backend, they are redacted in the
81
-
following way:
80
+
Before Secrets are sent to the Preflight backend, they are redacted so no secret data is transmitted. See [`fieldfilter.go`](./../../pkg/datagatherer/k8s/fieldfilter.go) to see the details of which fields are filteres and which ones are redacted.
82
81
83
-
- `last-applied-configuration`annotation is removed
84
-
- For Secrets of type `kubernetes.io/tls`
85
-
- All keys under data other than the following are removed:
86
-
- tls.crt
87
-
- ca.crt
88
-
- All other secrets have all keys removed from their data.
89
-
90
-
**All resource other than Kubernetes Secrets are sent in full.**
82
+
> **All resource other than Kubernetes Secrets are sent in full, so make sure that you don't store secret information on arbitrary resources.**
0 commit comments