Merge pull request #6 from hensur/feature/base64

base64 encoding
mittwald · Apr 2, 2019 · 0701c3b · 0701c3b
2 parents 3da21d1 + 54bd713
commit 0701c3b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ applications run on Kubernetes.
 
 ## Security note
 
-Older versions (actually, just 0.0.1) of this controller used the `math/rand` package for generating secrets, which is deterministic and not cryptographically secure (see #1 for more information). If you're already running this controller and want to regenerate all potentially compromised secrets, start the controller with the `-regenerate-insecure` flag (note that you will need to manually re-create any Pods using these secrets, though). When using the `kubectl apply` command from below, the new flag will be added to your Deployment automatically.
+Older versions (>= 1.0.0) of this controller used the `math/rand` package for generating secrets, which is deterministic and not cryptographically secure (see #1 for more information). If you're already running this controller and want to regenerate all potentially compromised secrets, start the controller with the `-regenerate-insecure` flag (note that you will need to manually re-create any Pods using these secrets, though). When using the `kubectl apply` command from below, the new flag will be added to your Deployment automatically.
 
 ## Deployment
 
@@ -41,7 +41,9 @@ data:
 
     ```
     $ kubectl annotate secrets --all secret-generator.v1.mittwald.de/regenerate=true
+    ```
 
 -   Regenerate only certain fields
     ```
-    $ kubectl annotate secrets --all secret-generator.v1.mittwald.de/regenerate=password1.password2
+    $ kubectl annotate secrets --all secret-generator.v1.mittwald.de/regenerate=password1.password2
+    ```
diff --git a/main.go b/main.go
@@ -19,7 +19,11 @@ package main
 
 import (
 	"crypto/rand"
+	"encoding/base64"
 	"flag"
+	"strings"
+	"time"
+
 	"github.com/golang/glog"
 	"github.com/mittwald/kubernetes-secret-generator/util"
 	"k8s.io/client-go/kubernetes"
@@ -31,9 +35,6 @@ import (
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/clientcmd"
-	"math/big"
-	"strings"
-	"time"
 )
 
 const (
@@ -43,9 +44,6 @@ const (
 	SecretSecureAnnotation      = "secret-generator.v1.mittwald.de/secure"
 )
 
-var runes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
-var runesLen = big.NewInt(int64(len(runes)))
-
 var namespace string
 var allNamespaces bool
 var kubecfg string
@@ -191,15 +189,10 @@ func (c *GeneratorController) SecretAdded(obj interface{}) {
 }
 
 func generateSecret(length int) (string, error) {
-	b := make([]rune, length)
-	for i := range b {
-		n, err := rand.Int(rand.Reader, runesLen)
-		if err != nil {
-			return "", err
-		}
-		b[i] = runes[n.Int64()]
-	}
-	return string(b), nil
+	b := make([]byte, length)
+	rand.Read(b)
+
+	return base64.StdEncoding.EncodeToString(b)[0:length], nil
 }
 
 func contains(s []string, e string) bool {