As discovered in ONAP Casablanca pentest (and confirmed in latest version) OOM contains a lot of different passwords. There are 3 issues related to this:

1) Some of passwords are stored in resource files rather than in secrets

2) The same passwords are reused for almost all deployments

3) It's is not possible to use already existing secrets for ONAP deployment

To fix those issues we plan:

1) Ensure that all passwords are stored in kubernetes secrets

2) Make all passwords randomly generated per deployment unless a passwords override has been provided for the deployment

3) Add ability to use external secrets instead of providing passwords override.