bedrock icon indicating copy to clipboard operation
bedrock copied to clipboard
verified publisher icon microsoft

Investigate Source control file encryption for Generation Pipeline

Open NathanielRose opened this issue 6 years ago • 4 comments

As an: Operator I want: Guidance on source control file encryption So that: My gitops repository for live infrastructure deployment has redacted secrets and encrypted configuration files

Describe the solution you'd like: A section within the generation pipeline that details guidance on source control file encryption and integration with SPK.

Acceptance Criteria:

  • [ ] Tool Assessment: Gitcrypt vs Blackbox vs Gitsecret
  • [ ] Documentation on guidance

Does this require updates to documentation?: Yes

NathanielRose avatar Jan 08 '20 23:01 NathanielRose

@NathanielRose @yradsmikham this seems low pri relative this the other items in the "epic"

Encryption of files vs Keyvault secrets (Is this still needed?) Tool Assessment: Gitcrypt vs Blackbox vs Gitsecret Documentation on guidance

There are many approaches to this. I'm not sure if we need to be prescriptive about this right now.

andrebriggs avatar Jan 09 '20 02:01 andrebriggs

@andrebriggs Yes, this is indeed low-priority.

yradsmikham avatar Jan 09 '20 17:01 yradsmikham

@andrebriggs Thoughts here on adding documentation for this?

NathanielRose avatar Feb 13 '20 01:02 NathanielRose

@NathanielRose Since GitCrypt, Blackbox and GitSecret are will known tool do we really need to do an analysis?

Tool Assessment: Gitcrypt vs Blackbox vs Gitsecret Documentation on guidance

What would suffice would just be mentioning these tools. See link1, link2, and link3

If we do that what do you think the size of the task is?

cc @yradsmikham

andrebriggs avatar Feb 14 '20 01:02 andrebriggs