ADR for secret creation and distribution #132

Closed
bnevis-i opened this issue Apr 30, 2020 · 0 comments · Fixed by #141
Labels
security_audit Track issues that are related to CVE/CVSS/CWE auditing etc
@bnevis-i
Collaborator

  • Establish common way to create:
    • Generic passwords
    • Database passwords
    • PKI certificates
  • Establish BKM of prioritized methods of consuming secrets
    1. Process to process (Vault to consuming service)
    2. Dynamic injection of environment variable (pull at runtime from Vault)
    3. Distribution via secrets volume (tmpfs file system)
    4. Via command line (last resort)
  • Establish prohibited practices
    • Secrets in source control
      • Coded into docker-compose scripts
      • Coded into configuration files that are checked in
      • Embedded in docker images
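
For the third consumption method listed above (a secrets volume on tmpfs), a consuming service can confirm that the secret file really sits on tmpfs and is not readable by group or other before using it. This is an added example, not part of the original issue or the project's code; the mount table, paths and function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
overlay / overlay rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /var/lib/data ext4 rw,relatime 0 0
tmpfs /run/secrets-demo tmpfs rw,nosuid,nodev,noexec,mode=700 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, fstype)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in mount points as \040
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return mounts

def fstype_for(path, mounts):
    """Filesystem type of the mount containing path (longest prefix wins)."""
    path = os.path.normpath(path)
    best, best_type = "", None
    for mount_point, fstype in mounts:
        mp = mount_point.rstrip("/") or "/"
        # Match on a path-component boundary, so /var/lib/database is not
        # treated as living under /var/lib/data.
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) >= len(best):
            best, best_type = mp, fstype
    return best_type

def check_secret_file(path, mounts, mode):
    """Return a list of findings; an empty list means the file is acceptable."""
    findings = []
    if fstype_for(path, mounts) != "tmpfs":
        findings.append("not on tmpfs: secret may reach persistent storage")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other permission bits are set")
    return findings

def read_secret(path):
    """Read a secret from the live system only if both checks pass."""
    real = os.path.realpath(path)  # resolve symlinks that leave the volume
    with open("/proc/mounts") as f:
        findings = check_secret_file(real, parse_mounts(f.read()),
                                     os.stat(real).st_mode)
    if findings:
        raise PermissionError(f"{path}: " + "; ".join(findings))
    with open(real, "rb") as f:
        return f.read().rstrip(b"\n")
```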
bnevis-i added f2f-hanoi release_affected for roadmap items committed at Hanoi planning F2F hanoi Hanoi release security_audit Track issues that are related to CVE/CVSS/CWE auditing etc labels Apr 30, 2020
bnevis-i added this to the Hanoi milestone Jun 10, 2020
bnevis-i removed f2f-hanoi release_affected for roadmap items committed at Hanoi planning F2F hanoi Hanoi release labels Jun 10, 2020
hutchic closed this as completed Aug 5, 2020
hutchic reopened this Aug 5, 2020
bnevis-i added a commit that referenced this issue Aug 12, 2020
* chore: ADR for creation and distribution of secrets

Fixes #132

Signed-off-by: Bryon Nevis <[email protected]>