
Security for https://github.com/fluxcd/flux2/

Discussion on the security features and protocols in Flux v2, including authentication, authorization, and encryption.

What is Security?

According to the Flux documentation (https://docs.fluxcd.io/en/latest/security/), Flux v2, the FluxCD project's GitOps workflow tool, includes several security features that support the secure deployment and management of applications.

Why is Security important?

As stated in the Flux documentation (https://docs.fluxcd.io/en/latest/security/), “Security is a critical aspect of any production system. FluxCD provides several features to help secure your deployments.”

Authentication

Flux v2 supports several authentication methods, including:

  1. GitHub: Flux can be configured to use GitHub for authentication. This can be done by setting the github.token secret in the Flux configuration file. For more information, see the Flux documentation on GitHub authentication.
  2. GitLab: Flux can also be configured to use GitLab for authentication. This can be done by setting the gitlab.token secret in the Flux configuration file. For more information, see the Flux documentation on GitLab authentication.
  3. OIDC: Flux supports OpenID Connect (OIDC) for authentication. This can be configured by setting the oidc.clientID, oidc.issuerURL, and oidc.secret secrets in the Flux configuration file. For more information, see the Flux documentation on OIDC authentication.

Authorization

Flux v2 includes several authorization features, including:

  1. Kubernetes RBAC: Flux can be configured to use Kubernetes Role-Based Access Control (RBAC) for authorization. This can be done by creating Kubernetes roles and role bindings. For more information, see the Flux documentation on Kubernetes RBAC.
  2. GitHub Teams: Flux can be configured to use GitHub Teams for authorization. This can be done by setting up GitHub teams and their corresponding members. For more information, see the Flux documentation on GitHub Teams.
  3. GitLab Groups: Flux can also be configured to use GitLab Groups for authorization. This can be done by setting up GitLab groups and their corresponding members. For more information, see the Flux documentation on GitLab Groups.
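As an added example for the Kubernetes RBAC item above (not code from this page or from the Flux project): a namespace-scoped Role and RoleBinding bound to a ServiceAccount, which a Flux Kustomization then impersonates through its serviceAccountName field, so reconciliation of that tenant's path is limited to what the Role grants rather than the controller's own cluster-wide rights. The namespace, object names and repository path are constructed for illustration; serviceAccountName is a real field of the kustomize.toolkit.fluxcd.io/v1 Kustomization.

```yaml
# Added example (not from the page or the Flux project): a tenant's Flux
# Kustomization runs under a restricted ServiceAccount. Setting
# spec.serviceAccountName makes kustomize-controller impersonate that
# account, so every apply and prune is bounded by the Role below.
# Namespace, names and the repository path are constructed for illustration.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: team-a-reconciler
  namespace: team-a
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-deployer
  namespace: team-a
rules:
  # Only the kinds this team is allowed to manage, only in its own namespace.
  - apiGroups: ["", "apps"]
    resources: ["configmaps", "services", "deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-deployer
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: team-a-reconciler
    namespace: team-a
roleRef:
  kind: Role
  name: team-a-deployer
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: team-a-apps
  namespace: team-a
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: team-a-repo
  path: ./apps
  prune: true
  # Impersonate the restricted ServiceAccount for every apply and prune.
  serviceAccountName: team-a-reconciler
```

A manifest in the repository that tries to create a ClusterRoleBinding or touch another namespace is then rejected by the API server with a forbidden error, which surfaces in the Kustomization's status conditions.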

Encryption

Flux v2 includes several encryption features, including:

  1. TLS: Flux supports Transport Layer Security (TLS) for secure communication between the Flux controller and the Kubernetes API server. This can be configured by setting the tls.cert and tls.key secrets in the Flux configuration file. For more information, see the Flux documentation on TLS encryption.
  2. Encrypted Secrets: Flux supports encrypted secrets for storing sensitive information, such as passwords and API keys. This can be done by encrypting the secret data using a tool like kubeseal or sops. For more information, see the Flux documentation on Encrypted Secrets.

Explanation