Helm chart uses the root credentials for MySQL in all services

Currently, the Openslice chart in kubernetes/helm/openslice uses the root credentials of MySQL for all services that need a database, despite configuring a different database for each and creating a portal user (as shown in the example below; link to the referenced code):

          env:
            - name: SPRING_APPLICATION_JSON
              value: >-
                {
                  "origins":"{{ .Values.rooturl }}",
                  "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/osdb?createDatabaseIfNotExist=true",
                  "spring.datasource.username": "{{ .Values.oscreds.mysql.username }}",
                  "spring.datasource.password": "{{ .Values.oscreds.mysql.password }}",

This is not ideal in terms of security, since a compromised service has full access to the MySQL server. Instead, each service should have its own set of credentials that grant it access to only its database.
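An added example, not part of the original issue or the Openslice chart: a check that could be run over the `SPRING_APPLICATION_JSON` values of a rendered chart to flag the condition described above, namely services connecting as `root` and one account being used for several databases. The service names, the `demo-mysql` host, the `otherdb`/`thirddb` databases and the `svc_c` user are constructed for illustration; only `osdb` and the JSON keys come from the issue.

```python
import json
import re
from collections import defaultdict

JDBC_RE = re.compile(r"^jdbc:mysql://(?P<host>[^/:?]+)(?::\d+)?/(?P<db>[^?]+)")


def _env(db, user):
    """Build a constructed SPRING_APPLICATION_JSON value (sample data)."""
    return json.dumps({
        "spring.datasource.url":
            f"jdbc:mysql://demo-mysql/{db}?createDatabaseIfNotExist=true",
        "spring.datasource.username": user,
        "spring.datasource.password": "placeholder",
    })


# Constructed sample: service name -> rendered SPRING_APPLICATION_JSON.
RENDERED = {
    "svc-a": _env("osdb", "root"),
    "svc-b": _env("otherdb", "root"),
    "svc-c": _env("thirddb", "svc_c"),
}


def datasource(raw):
    """Return (host, database, username) from one SPRING_APPLICATION_JSON."""
    cfg = json.loads(raw)
    m = JDBC_RE.match(cfg["spring.datasource.url"])
    if m is None:
        raise ValueError("not a jdbc:mysql URL")
    return m["host"], m["db"], cfg["spring.datasource.username"]


def audit(rendered):
    """Flag root logins and accounts shared across different databases."""
    findings = []
    dbs_by_account = defaultdict(set)
    for svc, raw in sorted(rendered.items()):
        host, db, user = datasource(raw)
        dbs_by_account[(host, user)].add(db)
        if user == "root":
            findings.append((svc, "root-account", db))
    for (host, user), dbs in sorted(dbs_by_account.items()):
        if len(dbs) > 1:
            findings.append((user, "shared-across-databases",
                             ",".join(sorted(dbs))))
    return findings
```

An empty result from `audit` means every service uses a non-root account that reaches exactly one database, which is the state the issue asks for.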