torus-cli

Feature Discussion - Personal or Global Secrets

Open ianlivingstone opened this issue 9 years ago • 1 comments

There are a few types of "secrets" that don't fit within the concept of a project (e.g. code repository) as their life cycles exist outside of a single application (e.g. AWS_SECRET_KEY or similar).

Ideally, these secrets can be stored inside torus; however, we need to answer a few questions.

  • Do these secrets belong to the org or the user? For example, if I set my AWS_SECRET_KEY, is that accessible to the org or does the data belong to me?
  • How do these secrets (which don't belong to a specific project) affect those that are set within a project or service (i.e. how does path specificity fit?)
  • What would it look like to set a personal or global secret?
  • How would you view and explore these secrets in relation to the other secrets stored inside torus?

All feedback, thoughts, ideas are welcome :)

ianlivingstone Jan 16 '17 01:01

Won't creating global envs create more complexity in managing access control? AWS_SECRET_KEY can be a part of a project which a DevOps app uses. Otherwise all apps in the global namespace get access to the AWS secrets, or else extra access controls have to be introduced to manage who gets access to global secrets.

jinmatt Jan 23 '17 18:01