azure/k8s-set-context
1
0
Fork 0
mirror of https://github.com/Azure/k8s-set-context.git synced 2026-06-13 23:42:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: set kubeconfig file permissions to 600 after creation (#252)

Browse Source 
Kubeconfig created by az connectedk8s proxy inherits default permissions, leaving cluster credentials readable by other processes on the runner.
This commit is contained in:
David Gamero 2026-06-04 19:37:03 -04:00 committed by GitHub
parent e69c104b14
commit 2dbd35cbdf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/kubeconfigs/azCommands.ts
View File

@ -36,6 +36,7 @@ export async function runAzKubeconfigCommandBlocking(
proc.unref()
await sleep(AZ_TIMEOUT_SECONDS)
fs.chmodSync(kubeconfigPath, 0o600)
return fs.readFileSync(kubeconfigPath).toString()
}