Enable security by default

Description

By default, security is disabled in mgr-applications. This is controlled by the following two environment variables:

  • KC_INTEGRATION_ENABLED

  • SECURITY_ENABLED

In the interest of making Folio secure by default, we should adjust the default values of both of these to be true.

NOTE: Don’t forget to update the README

N.B. Please coordinate with Kitfox team before merging any changes. We need to be careful not to break nightly builds.

Environment

None

Potential Workaround

None

Activity

Craig McNally 5 days ago

Notes on priority/release…

  1. This is not a blocker, hence P3. However, it’s something we do want to get fixed in Sunflower so that libraries/hosting providers who are starting to use Eureka will have a working, secure deployment by default.

  2. If we defer this to Trillium, there’s a chance that those hosting Eureka/Sunflower don’t specify these, leading to a security risk.

I’d like to target Sunflower CSP1 here, but if I do that I need to also increase the priority to P2. Also note that the Sunflower CSP1 release does not exist yet in Jira.

Mykola Makhin March 18, 2025 at 12:36 PM

Blocked by RANCHER-2180

Details

Development Team

Eureka

Release

Sunflower (R1 2025) Service Patch #1

Created March 12, 2025 at 8:22 PM
Updated 3 days ago