Description

A Helm chart to install the Bitwarden Secrets Manager operator.

Overview

| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
| sm-operator-controller-manager | default | | | 10 | 2 | Critical |

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 sm-operator-controller-manager

Namespace: default  |  Automount:

🔑 Permissions (10)

| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
| Role sm-operator-leader-election-role | coordination.k8s.io/leases | create · delete · get · list · patch · update · watch | Critical | ControlPlaneDisruption CriticalNamespace DenialOfService Tampering |
| ClusterRole sm-operator-manager-role | core/secrets | create · delete · get · list · patch · update · watch | Critical | ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure Persistence (+4 more) |
| Role sm-operator-leader-election-role | core/configmaps | create · delete · get · list · patch · update · watch | High | ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering |
| ClusterRole sm-operator-proxy-role | authorization.k8s.io/subjectaccessreviews | create | Medium | InformationDisclosure RBACQuery |
| ClusterRole sm-operator-proxy-role | authentication.k8s.io/tokenreviews | create | Medium | CredentialAccess InformationDisclosure RBACQuery |
| ClusterRole sm-operator-manager-role | k8s.bitwarden.com/bitwardensecrets | create · delete · get · list · patch · update · watch | Low | |
| ClusterRole sm-operator-manager-role | k8s.bitwarden.com/bitwardensecrets/finalizers | update | Low | |
| ClusterRole sm-operator-manager-role | k8s.bitwarden.com/bitwardensecrets/status | get · patch · update | Low | |
| Role sm-operator-leader-election-role | core/events | create · patch | Low | |
| ClusterRole sm-operator-manager-role | core/secrets/status | get | Low | |

⚠️ Potential Abuse (10)

The following security risks were found based on the above permissions:

📦 Workloads (2)

| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | sm-operator-controller-manager | kube-rbac-proxy | gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 |
| Deployment | sm-operator-controller-manager | manager | ghcr.io/bitwarden/sm-operator:0.1.0 |