New cheat sheet proposal: Secrets Management #124
Comments
Yes, Yes, Yes :) @dominikdesmit can I assign this issue to you?
Here is also a very good resource about tools: https://gist.github.com/maxvt/bb49a6c7243163b8120625fc8ae3f3cd
@mackowski awesome, yes you can!
All your defensive cheat sheet belong to us :) :) :) . We will be more than happy to include and maintain it into the cheat sheet series house.
Hey @dominikdesmit are you still working on this? Do you need any help from us?
Hello, as the issue has been assigned for a long time and we have not received any PR for it, we are sending it back to the backlog and setting it as HELP_WANTED. Thank you very much in advance for your understanding 😃
BUMP this is a great idea.
@mackowski this one only lists tools; shouldn't this be more practical on how to use or implement them in these services?
Yes, this needs to be combined together. In general a lot of work is needed for this but if @ykcab or @dominikdesmit you want to create PR and work on this with us it will be awesome.
Hey @mackowski, sorry for not responding anymore! I was really busy with some other things. I would like to pick this up again but I would require some help :) I was also thinking about reaching out to other secrets management experts in the field, maybe people like Armon Dadgar would like to help out as well? The latest status is here actually: https://github.com/dominikdesmit/CheatSheetSeries/blob/master/cheatsheets/Secrets_Management_Cheat_Sheet.md Let me know your thoughts @mackowski @ykcab!
Sure, @dominikdesmit. I'll be happy to contribute.
I would love to help and collaborate with you folks.
* first corrections
* First iteration of 1 and 6 in #124 (#787)
* First iteration of 1 in #124
* First iteration of 6 in #124
* First iteration of 3&4 at #124 (#791)
* First iteration of 3&4 at #124
* added related cheatsheets
* Added first 'more reading' part
* 6 and 8 (WIP) of #124
* update section 2.4 of SMCS for #124
* WIP
* WIP @ pipeline

* Adding outline for section 3 of the cheatsheet, updating #124
* change order and scope
* WIP @ section 3, please DO NOT MERGE
* WIP @ secrets management
We have dropped the whole vendor lock-in part as that is not very relevant for cloud providers, #816 for WIP (please do NOT merge yet).
Hi all, as you can tell, we are slowly making progress, but it is quite a lot that has to be written. Can you for now please help reviewing section 3 of #816 :) ? so that we can move ahead with the next sections. We are looking for feedback as well to understand whether the content written is actually helpful :). (if not, we might as well maybe nuke it and start over ^^)
Anybody want to help by picking up a task from the list above?
* Adding outline for section 3 of the cheatsheet, updating #124
* change order and scope
* WIP @ section 3, please DO NOT MERGE
* WIP @ secrets management
* WIP @ section 3 for #124
* Fix last markdown issues
* Pre-reserving
* small fixes
* quick update on CI/CD secrets
* adding footnotes
* quick addition
* Add outline for cloud
* Add to section 4
* updated section 3 again
* first final version of chapter 3:
* rewrote first paragraphs of chapter 5
* adding last part
* added missing links
* first version of chapter 5 rewritten
* Added structure for 12 at #124
* Wip @section 7 for #124 and reserved some sections to other github handles (@bendehaan and @thatsjet)
* Add services to use to section 4

Co-authored-by: Ben de Haan <[email protected]>
Hi there, we are now checking if we really need section 8 for the MVP. And will try to close down section 4 with @bendehaan and sections 9 and 11 with @thatsjet. Let's see if we can redivide this work to speed up its writing! MVP time :)
With #840 the MVP is almost done! When it is merged, we can close this issue I guess? Anything needing to happen to get it from concept version to a production version?
* Fix index as recommended by @bendehaan
* Promote secrets management cheatsheet as MVP into prd for #124
* Fixing linter errors for #124
IT IS ALIVE!
FANTASTIC WORK TEAM!
Let's close this in favor of #845, again: thank you for your work everybody!
Hi guys,
At the Open Security Summit 2019 we started working on a cheat sheet for Secrets Management: https://open-security-summit.org/tracks/devsecops/working-sessions/secrets-management/. The results are captured here: https://github.com/dominikdesmit/owasp-secrets-management. I think this would be very relevant also for this project and in terms of visibility.
There is a big need for more guidance around secrets management and currently there are no guidelines from OWASP. With this cheat sheet we hope to fill that gap!
Do you guys think it would be a good idea to put this cheat sheet under this project or should it be a separate one?
Thanks!
to discuss: maybe restructure 2 in order to focus on the basics first and split the advanced materials (and more vendor related) from it. (See https://xebia.com/blog/secure-deployment-10-pointers-on-secrets-management/ as well for some of the topics). will be done post-mvp
e.g. have filled in what we want to touch per paragraph, then replace this task with detailed tasks and fill in what you can already fill in, with resources linked already) - skipping as part of mvp
write basic outline of 10 (e.g. have filled in what we want to touch per paragraph, then replace this task with detailed tasks and fill in what you can already fill in, with resources linked already) - removed, possibly come back post mvp