security model updates (#19656)

This commit is contained in:
mickael-hc 2023-03-21 14:14:00 -04:00 committed by GitHub
parent 641f42f767
commit 427b4dbd49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -75,6 +75,12 @@ The following are not considered part of the Vault threat model:
credentials, they can access Vault with the level of privilege associated with this credentials, they can access Vault with the level of privilege associated with this
client. client.
- Protecting against Vault administrators supplying vulnerable or malicious configuration
data. Any data provided as configuration values to Vault's administrative endpoints
(e.g. [secret engines](/vault/docs/secrets) configurations), or Vault's
configuration files should be validated. If an attacker can write to Vault's
configuration, then the confidentiality or integrity of data can be compromised.
# External Threat Overview # External Threat Overview
Vault architecture compromises of three distinct systems: Vault architecture compromises of three distinct systems: