Details
Improvement
Resolution: Unresolved
Major
4.6.0
Description
The initial release of secrets management calls for setting a master password independently on each node and allows for nodes without master passwords. This undermines the purpose of the feature and leaves an obvious attack vector: adding a node without a master password will allow plain text passwords to be visible on that node.
If secrets management is enabled on any node, all new nodes should be required to set a master password.
Additionally, a utility should be available for setting/changing the master password cluster-wide.