[Threat Modeling] Limit access to Gardener project kubeconfig #56
Labels
area/control-plane
Related to all activities around Kyma Control Plane
bv/security
Business Value: Security (see ISO 25010)
Reason
We're using a kubeconfig defined in
gardener-kubeconfig-path
. We should limit the access to it to not allow unathorize access to the gardener project.KIM has currently too many privileges and can also read other secrets which are not required for his work. This unnecessary privileges have to be removed to follow the least-privilege pattern.
Acceptance criteria
The text was updated successfully, but these errors were encountered: