Skip to content

Add CSI driver to threat model #1106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 3, 2025
Merged

Add CSI driver to threat model #1106

merged 4 commits into from
Sep 3, 2025

Conversation

digivava
Copy link
Collaborator

@digivava digivava commented Sep 3, 2025

The new VSO CSI driver functionality shares many of the security concerns of the traditional way of running VSO, but introduces a new threat vector, so I detail it here in a separate section.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@digivava digivava requested a review from a team as a code owner September 3, 2025 18:01
benashz
benashz reviewed Sep 3, 2025
View reviewed changes
Copy link
Collaborator

@benashz benashz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good so far. I made some minor suggestions.

docs/threat-model/README.md
</ul>
</td>
</tr>
</table>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would good to link out to the API reference docs, especially for the CSISecrets.spec. We can probably add that later once they are fully published.

benashz
benashz reviewed Sep 3, 2025
View reviewed changes
Copy link
Collaborator

@benashz benashz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a few minor suggestions. Looking good so far!

@digivava @benashz
Casing changes
3828c3c 
Co-authored-by: Ben Ash <[email protected]>
@mcollao-hc mcollao-hc self-requested a review September 3, 2025 21:25
@digivava digivava merged commit f8409d9 into VAULT-31684/release-vso-csi Sep 3, 2025
101 of 103 checks passed
@digivava digivava deleted the VAULT-37288/vso-csi-model branch September 3, 2025 22:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benashz benashz benashz approved these changes

@mcollao-hc mcollao-hc mcollao-hc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@digivava @benashz @mcollao-hc