Security: Reject in-memory providers in production deployments #11272

@vinayada1

Summary

The UCP threat assessment identifies THR09 (In-Memory Storage or Secret Backend Used in Production): UCP supports in-memory backends for storage, secret, and queue providers. These backends offer no persistence, durability, or encryption. If accidentally configured in production, all resource data and credentials are lost on pod restart.

No startup validation currently prevents this misconfiguration.

Proposed Changes

  1. Startup warning/guard: Add validation during UCP startup that logs a warning (or fails to start) when an in-memory provider is configured and a --production flag or environment variable is set.

  2. Helm chart schema validation: Add JSON schema validation to values.yaml that prevents setting provider types to inmemory (or requires an explicit dangerouslyAllowInMemory: true override).

  3. Health check annotation: Include the configured provider types in the health/readiness endpoint response so operators can verify production configuration.

Related

  • UCP threat assessment: RAD.UCP.THR09
  • Control catalog: RAD.UCP.CN12
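
One way to implement the startup guard from proposed change 1, as an added example that is not UCP's own code. The `Providers` type, the function names, and the `production` / `allowInMemory` booleans are hypothetical stand-ins for the proposed `--production` flag and `dangerouslyAllowInMemory` override; the sample provider values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"sort"
	"strings"
)

// Providers maps a provider kind (storage, secret, queue) to its configured
// type. Hypothetical shape for illustration, not UCP's configuration schema.
type Providers map[string]string

// ErrInMemoryInProduction lets callers distinguish this refusal from other errors.
var ErrInMemoryInProduction = errors.New("in-memory provider configured in production")

// InMemoryKinds returns, sorted, every provider kind set to "inmemory".
// Matching ignores case and surrounding whitespace (an assumption) so a
// sloppy value cannot slip past the guard.
func InMemoryKinds(p Providers) []string {
	var kinds []string
	for kind, typ := range p {
		if strings.EqualFold(strings.TrimSpace(typ), "inmemory") {
			kinds = append(kinds, kind)
		}
	}
	sort.Strings(kinds)
	return kinds
}

// ValidateProviders fails closed in production unless the operator set the
// explicit override; in every other in-memory case it returns a warning to log.
func ValidateProviders(p Providers, production, allowInMemory bool) (string, error) {
	kinds := InMemoryKinds(p)
	if len(kinds) == 0 {
		return "", nil
	}
	msg := fmt.Sprintf("in-memory backend for %s: no persistence, durability, or encryption",
		strings.Join(kinds, ", "))
	if production && !allowInMemory {
		return "", fmt.Errorf("%w: %s", ErrInMemoryInProduction, msg)
	}
	return "WARNING: " + msg, nil
}

func main() {
	// Constructed sample configuration, evaluated with production=true and no override.
	cfg := Providers{"storage": "postgresql", "secret": "inmemory", "queue": "inmemory"}
	warn, err := ValidateProviders(cfg, true, false)
	if err != nil {
		fmt.Fprintln(os.Stderr, "startup refused:", err)
		os.Exit(1)
	}
	if warn != "" {
		fmt.Fprintln(os.Stderr, warn)
	}
}
```

Returning the offending kinds in both the warning and the error gives operators the same information that proposed change 3 would expose on the health endpoint.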
