Description

Helm chart deploys sops-secrets-operator

Overview

| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
| sops-secrets-operator | default | | | 10 | 1 | Critical |

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 sops-secrets-operator

Namespace: default  |  Automount:

🔑 Permissions (10)

| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
| ClusterRole sops-secrets-operator | core/configmaps | * | Critical | ClusterWideAccess ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation (+2 more) |
| ClusterRole sops-secrets-operator | coordination.k8s.io/leases | * | Critical | ClusterWideAccess ControlPlaneDisruption CriticalNamespace DenialOfService LeaderElectionAbuse (+2 more) |
| ClusterRole sops-secrets-operator | core/secrets | * | Critical | ClusterWideAccess ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure (+6 more) |
| ClusterRole sops-secrets-operator | core/events | * | Medium | ClusterWideAccess InformationDisclosure OperationalData Reconnaissance WildcardPermission |
| ClusterRole sops-secrets-operator | events.k8s.io/events | * | Medium | ClusterWideAccess InformationDisclosure OperationalData Reconnaissance WildcardPermission |
| ClusterRole sops-secrets-operator | core/secrets/status | get · patch · update | Low | |
| ClusterRole sops-secrets-operator | monitoring.coreos.com/servicemonitors | create · get | Low | |
| ClusterRole sops-secrets-operator | isindir.github.com/sopssecrets | create · delete · get · list · patch · update · watch | Low | |
| ClusterRole sops-secrets-operator | isindir.github.com/sopssecrets/finalizers | update | Low | |
| ClusterRole sops-secrets-operator | isindir.github.com/sopssecrets/status | get · patch · update | Low | |

⚠️ Potential Abuse (13)

The following security risks were found based on the above permissions:

📦 Workloads (1)

| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | sops-secrets-operator | sops-secrets-operator | quay.io/isindir/sops-secrets-operator:0.21.0 |